Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 9 Feb 2013 02:53:32 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA-512 supported?

On Fri, Feb 08, 2013 at 03:14:44PM -0700, Stephen John Smoogen wrote:
> On 8 February 2013 13:24, Jon Schipp <jonschipp@...il.com> wrote:
> > I have a salted SHA-512 hash that I'm having trouble cracking, it's from an
> > AIX 5.3 OS, using their Pluggable Authentication Modules.
> > The /etc/security/passwd file has account information in stanzas:
> >
> > test:
> >         password =
> > {ssha512}06$aXayEJGxA02Bl4d2$TWfWx34oD.UjrS/Qtco6Ij2XPY1CPYJfdk3CcxEjnMZvQw2p5obHYH7SI2wxcJgaS9.S9Hz948R.GdGwsvR...

Wow, we were not aware of the "{ssha512}06" prefix for sha512crypt
hashes (which I hope what they are).  JtR will load the line above if
you change "{ssha512}06" to "$6" as Stephen correctly suggested, but you
also need to use a version/build of JtR supporting sha512crypt either
natively or via the underlying OS.

> > Do any of the releases support SSHA-512? I'm currently trying with
> > john-1.7.9-jumbo-5-macosx-Intel-2.

That version is too old for sha512crypt on Mac OS X.  You need at least
1.7.9-jumbo-6, or alternatively you may run any version 1.7.6 or newer
on Linux or Solaris.

You may download a newer build for Mac OS X here:

http://openwall.info/wiki/john/custom-builds#Compiled-for-Mac-OS-X

... or you may do your own build of an even newer version (such as from
our git repository).

> > And does the "raw" in raw-sha512 mean without salt?

Yes, and besides your hash is not merely salted, it is a very specific
algorithm that also involves a large number of iterations.

> $6$aXayEJGxA02Bl4d2$TWfWx34oD.UjrS/Qtco6Ij2XPY1CPYJfdk3CcxEjnMZvQw2p5obHYH7SI2wxcJgaS9.S9Hz948R.GdGwsvR...

This works, although I suspect that Jon replaced some chars with dots
(it is uncommon to see this many dots).

> and see if it is accepted as that.

I've just tested with bleeding-jumbo (built as linux-x86-64-gpu and with
OpenMP enabled), it is accepted.

$ ./john pw 
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Warning: detected hash type "sha512crypt", but the string is also recognized as "sha512crypt-opencl"
Use the "--format=sha512crypt-opencl" option to force loading these as that type instead
Warning: detected hash type "sha512crypt", but the string is also recognized as "sha512crypt-cuda"
Use the "--format=sha512crypt-cuda" option to force loading these as that type instead
Loaded 1 password hash (sha512crypt [64/64 OpenSSL])
guesses: 0  time: 0:00:00:27 33.38% (2) (ETA: Sat Feb  9 02:52:44 2013)  c/s: 1985  trying: rose0 - asdf0

$ ./john pw -form=sha512crypt-opencl
Device 0: GeForce GTX 570 
[...]
guesses: 0  time: 0:00:11:28 0.00% (3)  c/s: 13239  trying: baynd1 - bmday7

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.