Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2015 10:28:46 -0600
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: dynamic.cnf: SHA1 40 bytes, not first 32

Ok,

Here is a 'sample' to get going.  I am going to do sha1^5  (base-16 convert each time). To build sample hashes, I use pass_gen.pl (found in run directory)

$ ../run/pass_gen.pl 'dynamic=num=1506,format=sha1(sha1(sha1(sha1(sha1($p)))))'
...
test
u0-dynamic_1506:$dynamic_1506$a24356350f622a8d2158e7ebdaa9d8ff12f469d9:0:0:test::

So a sample hash for this one is:  :$dynamic_1506$a24356350f622a8d2158e7ebdaa9d8ff12f469d9   (for password test).

A simple working dyna script is this:

[List.Generic:dynamic_1506]
Expression=sha1^10(prior.$salt.$pass.$const_salt)
Flag=MGF_INPUT_20_BYTE
Flag=MGF_FLAT_BUFFERS
Flag=MGF_KEYS_INPUT
MaxInputLenX86=110
MaxInputLen=110
Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
Test=$dynamic_1506$a24356350f622a8d2158e7ebdaa9d8ff12f469d9:test


Now, I was trying to read into what the hash you were trying to build, and I 'see' this (I do not know ruby, so I am not 100% sure).  But this one does not work with the provided sample hashes you have given.  This was the 1 item I am unsure of:  args.flatten.join('--')   I assume that will concatenate all items ($digest.$salt.$pass.$constant) in perl syntax.  If this also jams 2 -- chars between each value, then I can easily make adjustments (adding a 2nd constant)


[List.Generic:dynamic_1505]
Expression=sha1^10(prior.$salt.$pass.$const_salt)
Flag=MGF_INPUT_20_BYTE
Flag=MGF_SALTED
Flag=MGF_FLAT_BUFFERS
MaxInputLenX86=80
MaxInputLen=80
CONST1=e394874f149f5867149f026af47b2f9506b76e63
Func=DynamicFunc__clean_input
Func=DynamicFunc__clean_input2
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
Test=$dynamic_1505$c7c8c668720a795975baf07ce6eda2aac52b84cc$salt:password
Test=$dynamic_1505$15befede59f9d685170e78495f6a02849e6b7f28$uyagsf78s6ga8cfvgbhnjkefhagsid78f:password


..... Original Message .....
From: Ivan Novikov Sent: Wednesday, January 21, 2015 8:11

Hi all!

Just want to brute hash for following ruby code (graylog):

      def password_digest(password, salt)
        digest = REST_AUTH_SITE_KEY
        REST_AUTH_DIGEST_STRETCHES.times do
          digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
    ...
    def secure_digest(*args)
      Digest::SHA1.hexdigest(args.flatten.join('--'))
    end
    ...
    REST_AUTH_DIGEST_STRETCHES = 10
    ...
    REST_AUTH_SITE_KEY         = 'e394874f149f5867149f026af47b2f9506b76e63'

10 rounds of SHA1 with two different salts (static and user).
Samples:
Test=$dynamic_1504$c7c8c668720a795975baf07ce6eda2aac52b84cc$salt:password
Test=$dynamic_1504$15befede59f9d685170e78495f6a02849e6b7f28$uyagsf78s6ga8cfvgbhnjkefhagsid78f:password

But i can't understand why DynamicFunc__SHA1 is 32 bytes function instead of 40 bytes...
As a first step i want top produce 10xSHA1 rounds but following code doesn't work:

[List.Generic:dynamic_1504]
Expression=sha1 x10($pass)
Flag=MGF_FLAT_BUFFERS
Flag=MGF_KEYS_INPUT
MaxInputLen=110
MaxInputLenX86=110
Func=DynamicFunc__clean_input2_kwik
Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL

Can you please get me advice?


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.