Date: Wed, 5 Sep 2012 11:27:08 -0500
From: "jfoug" <>
To: <>
Subject: RE: Salted SHA1 Hash

I had to make a couple changes to that to_dyna.c code.  I had to add hash
length (using a -hl=# switch).  Here is a 'working' hash

$ echo
23' | ../run/to_dyna -d=62 -hl=64 -ss=$

Dyna_62 is  sha256($p.$s)

The $HEX$3a32303132303930313a3233  is hex encoded salt of:  :20120901:23

Here is the 'usage' for to_dyna.

$ ../run/to_dyna -?
usage to_dyna [options] < input > output
                -d=#   dyna number (-d=12 and $dynamic_12$hash$salt is used)
                -a     ALL hashes get $HEX$ and not simply hashes which have
                -ls=#  The salt is the leading data, and it is # bytes long
                -ss=b  The salt separator char is b  a blank -ss= means no separator char
                -hl=n  The length of hash.  SHA1 is 40, MD4/5 is 32, SHA256 is 64, etc
        defaults are -d=12 -ss=: -hl=32

This tool will be in the git repository (somewhere).  I am waiting on Magnum
to list where he would like it.


>-----Original Message-----
>From: groszek []
>Sent: Wednesday, September 05, 2012 10:59 AM
>Subject: Re: [john-users] Salted SHA1 Hash
>On 09/05/2012 01:16 PM, NeonFlash wrote:
>> How do you load a Salted SHA1 hash in JtR?
>> Both dynamic_24 and sha1-gen are not working for me.
>> The format of the hash is: sha1($pass, $salt)
>> Here is what the hash and salt look like:
>> HASH = D2AB614E4E9A8D4B434FB4666E885C583EADD82E69D2D7644A578AE704213E2A
>> SALT = :20120901:23
>> Formatted it as:
>> $SHA1s$:20120901:23$D2AB614E4E9A8D4B434FB4666E885C583EADD82E69D2D7644A
>> 578AE704213E2A
>> ./john -fo=sha1-gen -w:wordlist.txt sha1.txt
>> No hashes are loaded!
>> Now, Formatted it as:
>> $dynamic_24$D2AB614E4E9A8D4B434FB4666E885C583EADD82E69D2D7644A578AE704
>> 213E2A$:20120901:23
>> ./john --subformat=dynamic_24 -w:wordlist.txt sha1.txt
>> No hashes are loaded!
>> I have tried converting the hash into lowercase as well just in case
>> that was causing an issue in loading them.
>> Help would be appreciated.
>This doesn't look like sha1, it's 64 char hash that would match sha256.
>Quick google reveals someone is paying 500 usd for that hash to be
>cracked... and it is sha256.
>My suggestion would be to use raw-sha256 and create rules that would
>simply append the salt (:20120901:23) to every tried password. But don't
>expect it to be easy, if there is $500 bounty
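
The conversion discussed in this message, as an added example (not the to_dyna.c source and not part of the original post): it builds a $dynamic_62$ line with a $HEX$-encoded salt, decodes it again, and checks a known password as sha256($p.$s). The function names and the test password are constructed for illustration, and the $dynamic_N$hash$HEX$salt layout is assumed from the usage text and the salt encoding quoted above.

```python
import hashlib

# Hex digest lengths, matching the -hl values in the usage text above.
DIGEST_BY_LEN = {32: "md4/md5", 40: "sha1", 64: "sha256"}
HEXDIGITS = set("0123456789abcdef")

def digest_by_length(hash_hex):
    """Name the digest family a hex string can belong to, by length alone."""
    return DIGEST_BY_LEN.get(len(hash_hex.strip()), "unknown")

def sha256_ps(password, salt):
    """dynamic_62 as described above: sha256($p.$s), lowercase hex."""
    return hashlib.sha256(password.encode() + salt).hexdigest()

def to_dynamic(hash_hex, salt, dyna=62, hash_len=64):
    """Build '$dynamic_N$hash$HEX$salthex' from a hash and a raw salt string."""
    h = hash_hex.strip().lower()
    if len(h) != hash_len or not set(h) <= HEXDIGITS:
        raise ValueError("expected %d hex digits, got %r" % (hash_len, hash_hex))
    return "$dynamic_%d$%s$HEX$%s" % (dyna, h, salt.encode().hex())

def parse_dynamic(line):
    """Split a dynamic line into (number, hash, salt bytes), decoding $HEX$."""
    if not line.startswith("$dynamic_"):
        raise ValueError("not a dynamic-format line")
    num, rest = line[len("$dynamic_"):].split("$", 1)
    hash_hex, salt = rest.split("$", 1)
    raw = bytes.fromhex(salt[4:]) if salt.startswith("HEX$") else salt.encode()
    return int(num), hash_hex, raw

def verify(line, candidate):
    """Check one candidate password against a dynamic_62 line."""
    num, hash_hex, salt = parse_dynamic(line)
    if num != 62:
        raise ValueError("only dynamic_62 is handled here")
    return sha256_ps(candidate, salt) == hash_hex

if __name__ == "__main__":
    salt = ":20120901:23"                            # salt from the thread
    known = "constructed-test-password"              # constructed sample value
    upper = sha256_ps(known, salt.encode()).upper()  # uppercase, as in the question
    line = to_dynamic(upper, salt)
    print(digest_by_length(upper), line)
    print(verify(line, known), verify(line, "wrong-guess"))
```

Hex-encoding keeps the ':' characters in this salt from being read as field separators when the line is loaded.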
