Date: Sat, 30 Sep 2017 00:44:32 +0200 From: Frank Dittrich <frank.dittrich@...lbox.org> To: john-users@...ts.openwall.com Subject: Re: RFC: Hashkiller Rosetta Stone Am 29.09.2017 um 23:58 schrieb Solar Designer: > On Fri, Sep 29, 2017 at 07:20:31AM -0800, Royce Williams wrote: >> I'm working on a Hashkiller Rosetta Stone (a list of upload formats >> supported by Hashkiller, and how to use those modes in hashcat, john, and >> MDXfind.) >> >> A draft is here: >> >> https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757 >> >> Any help/tips appreciated. I don't know the underlying algorithm of many >> product-specific formats, so I'm almost certainly missing some obvious ones. > > It'd help if you list example hashes, preferably all for a fixed > password like "password", so that you don't need to list the > corresponding different plaintext passwords as well. It would also help if you would use another syntax for those "generic" algorithms. Currenntly, it is unclear whether MD5-MD5SALTMD5PASS means md5(md5(salt).md5(pass)) or not. > JtR supports command-line dynamic formats now (and has been for a couple > of years, due to work by Jim), so most if not all of your "unsupported"s > are actually supported at least in this way. Yes, you can combine several basic hash functions, use password and/or sewveral salts, even constant expressions, etc. Check doc/DYNAMIC*,especially doc/DYNAMIC_COMPILER_FORMATS.md. > Those command-line dynamics typically allow for a higher password > length, too. For example, when experimenting with Update 2 from > https://haveibeenpwned.com/Passwords I found that "--external=Repeats" > cracks plenty of passwords of lengths up to 109 (and I've just tested > that it cracks 110 too, but not 111 - as expected) with > "--format=dynamic='sha1($p)'", whereas "--format=raw-sha1" only goes up > to length 55 (also as expected). But the dynamic_* formats are usually somewhat faster than the dynamic='<expression>'. >> My future ambition is to expand this concept to be a Rosetta Stone for the >> superset of all formats supported by any known product. Small steps first. >> :) > > Cool. With JtR's command-line dynamics, its list of supported formats > is sort of "infinite", though. ;-) You even get basic bash completion support for the dynamic-formats: $ ./john --format=dynamic=[tab][tab] lists these possible completions: $ ./john --format=dynamic= gost\( haval192_5\( md2\( sha1_64\( skein224\( haval128_3\( haval224_3\( md4\( sha224\( skein256\( haval128_4\( haval224_4\( md5\( sha256\( skein384\( haval128_5\( haval224_5\( panama\( sha384\( skein512\( haval160_3\( haval256_3\( ripemd128\( sha3_224\( tiger\( haval160_4\( haval256_4\( ripemd160\( sha3_256\( whirlpool\( haval160_5\( haval256_5\( ripemd256\( sha3_384\( haval192_3\( keccak_256\( ripemd320\( sha3_512\( haval192_4\( keccak_512\( sha1\( sha512\( The \ is needed unless you quote the expression. I'll see whether I manage to support bash completion even for --format='dynamic= or --format=dynamic'= etc. Then I can drop the backslashes. If you quote the expression, it could look like this: $ ../run/john -test -form:dynamic='sha1(md5(md4($p.$s).$s2))' Benchmarking: dynamic=sha1(md5(md4($p.$s).$s2)) [128/128 AVX 4x1]... DONE Many salts: 5243K c/s real, 5243K c/s virtual Only one salt: 4813K c/s real, 4813K c/s virtual ($s is the first salt, $s2 a second salt in that example) Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.