Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Jun 2012 23:35:58 +0200
From: Jean-Michel PICOD <>
Subject: Re: SSHA / SHA256 BASE64 on 1.79-5


I think you are just doing it wrong.
It is nothing but a plain sha256 hash that has been encoded in base64.
The format that john supports is hex-encoded hash.

The following python snipplet should do the work :


#!/usr/bin/env python
import base64,sys

while True:
    line = sys.stdin.readline()
    if line == "":
    line = line.rstrip("\n")
    print "$SHA256$" + base64.b64decode(line).encode("hex")




2012/6/24 Stephen John Smoogen <>:
> On 24 June 2012 14:34, newangels newangels <> wrote:
>> Hello Stephen,
>> Thanks a lot for your reply & analyse.
>> Here the answer about my computer's profile.
>> 1/ Computer's: ( MacPro & MacBook Pro, SSD etc...Quad Xeons & I7)
>> 2/ OS = MAC_OSX LION ( last version)
>> 3/ JTR = 1.7.9 - 5 JUMBO ( from Erik Winkler compilation + other one by me)
>> After some try, i think the SSHA are removed on this new version by the dev no ?
>> (cause remember with passed version i can run --format=SSHA here no)
>> ./john --format=ssha --test
>> = Unknown ciphertext format name requested
>> Ok, i try to run with your decode one & it sem working with this syntax format :
>> .john --format=salted-sha1 hashe.txt
>> Loaded 1 password hash (Salted SHA-1 [SSE2i 8x])
>> Concern, the thing i know about this hashe, is an SHA256 Base64, so
>> how it can be interpreted by john like an SHA1-Salted, that format
>> take the Sha256 even salted & encode ??
>> Anyway, i try to run in this way so....
>> new-host:run xxxx$ ./john --format=salted-sha1 --test
>> Benchmarking: Salted SHA-1 [SSE2i 8x]... DONE
>> Many salts:     14064K c/s real, 14064K c/s virtual
>> Only one salt:  12414K c/s real, 12414K c/s virtual
>> Ok, in the case is the way to go, can you please give me the tricks
>> for decode this list of hashes i have to make them run properly, cause
>> i got an big amount of them, maybe an Python or perl script exist ?
> I actually just went to the first website google came up with base64
> decode which gave me:
> <data>->W6<data>
> I then did a guess and cut the string at the + to see what I got then,
> at which point I got
> W6<data>
> which I figured was the salt. I am not sure how well that guess will
> work but you could try a visual check with the following python:
> #!/usr/bin/python
> import base64
> FILE=open("ssha");
> for A in FILE:
>    a=A.strip()
>    print a
>    x=base64.standard_b64decode(a)
>    print x
> Just realize it will output data which will make a terminal lockup etc
> so redirect it to a file
> --
> Stephen J Smoogen.
> "The core skill of innovators is error recovery, not failure avoidance."
> Randy Nelson, President of Pixar University.
> "Years ago my mother used to say to me,... Elwood, you must be oh
> so smart or oh so pleasant. Well, for years I was smart. I
> recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.