Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 30 Sep 2017 00:29:42 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: RFC: Hashkiller Rosetta Stone

On 2017-09-29 17:13, Royce Williams wrote:
> I'm working on a Hashkiller Rosetta stone (list of upload formats supported
> by Hashkiller, and how to use those modes in hashcat, john, and MDXfind.
> 
> A draft is here:
> 
> https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757
> 
> Any help/tips appreciated. I don't know the underlying algorithm of many
> product-specific formats, so I'm almost certainly missing some obvious ones.
> 
> My future ambition is to expand this concept to be a Rosetta Stone for the
> superset of all formats supported by any known product. Small steps first.
> :)

Most formats consisting of a combination of simple primitives, like 
'md5(md5($pass).md5($salt))' are possible in JtR on CPU using the 
"dynamic compiler" format. That very example would be written like this:

$ ../run/john -test -form:dynamic='md5(md5($pass).md5($salt))'
Benchmarking: dynamic=md5(md5($p).md5($s)) [128/128 AVX 4x3]... DONE
Many salts:	12448K c/s real, 12573K c/s virtual
Only one salt:	5458K c/s real, 5404K c/s virtual

It can do many crazy combinations that is (probably) not used anywhere:

$ ../run/john -test -form:dynamic='sha1(md5(md4($pass).$salt))'
Benchmarking: dynamic=sha1(md5(md4($p).$s)) [128/128 AVX 4x1]... DONE
Many salts:	5816K c/s real, 5816K c/s virtual
Only one salt:	5340K c/s real, 5340K c/s virtual

Sometimes it's not very fast, but it's always there - very handy. Note 
that any time there is a dedicated format for your need, you can bet 
that one is faster, and sometimes a LOT faster, than this "dynamic 
compiler" stuff.


On another note, I'd add input syntax (or sample hashes) to the Rosetta 
Stone if I were you. Sometimes they differ, especially in how/where you 
specify the salt. Hashcat uses hash:salt while JtR never EVER has a ':' 
within a ciphertext (it's impossible, by design, and that makes the pot 
file unambigous).
Sometimes the various crackers also differ in whether they want the salt 
as plaintext or hexified, and (if plaintext) they might have different 
ways to hex-escape stuff (eg. hashcat $HEX[cafe] vs. JtR $HEX$cafe)


Cheers,
magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.