Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 9 Jun 2018 22:12:07 -0500
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: Using PBKDF2-HMAC-SHA256

On 6/9/2018 2:56 PM, Chris Bonk wrote:
> I'm trying to get PBKDF2-HMAC-SHA256 hashes to be loaded. The example hash
> below loads just fine.
>
>         rounds: 100000
> "salt": "e65814e4382759f85550029e723dc7e7",
> "derived":
> "5f37a3bd08ac1c7d163294a3cb192ed1407b62bbc6a6259fee55f6e53f754273"
>
> My hash file:
> $pbkdf2-sha256$100000$ZTY1ODE0ZTQzODI3NTlmODU1NTAwMjllNzIzZGM3ZTc=$NWYzN2EzYmQwOGFjMWM3ZDE2MzI5NGEzY2IxOTJlZDE0MDdiNjJiYmM2YTYyNTlmZWU1NWY2ZTUzZjc1NDI3Mw==
>
>
PW:  "governor washout beak"

$ ./base64conv.exe -i hex -o mime e65814e4382759f85550029e723dc7e7
e65814e4382759f85550029e723dc7e7  -->  5lgU5DgnWfhVUAKecj3H5w

$ ./base64conv.exe -i hex -o mime 
5f37a3bd08ac1c7d163294a3cb192ed1407b62bbc6a6259fee55f6e53f754273
5f37a3bd08ac1c7d163294a3cb192ed1407b62bbc6a6259fee55f6e53f754273 -->  
XzejvQisHH0WMpSjyxku0UB7YrvGpiWf7lX25T91QnM


Hash: 
$pbkdf2-sha256$100000$XzejvQisHH0WMpSjyxku0UB7YrvGpiWf7lX25T91QnM$5lgU5DgnWfhVUAKecj3H5w

$ cat in
$pbkdf2-sha256$100000$5lgU5DgnWfhVUAKecj3H5w$XzejvQisHH0WMpSjyxku0UB7YrvGpiWf7lX25T91QnM

$ echo -n "governor washout beak" | ./john -pipe in
Using default input encoding: UTF-8
Loaded 1 password hash (PBKDF2-HMAC-SHA256 [PBKDF2-SHA256 256/256 AVX2 8x])
Cost 1 (iteration count) is 100000 for all loaded hashes
Press Ctrl-C to abort, or send SIGUSR1 to john process for status
governor washout beak (?)
1g 0:00:00:00  4.219g/s 4.219p/s 4.219c/s 4.219C/s governor washout beak
Use the "--show" option to display all of the cracked passwords reliably
Session completed

@magnum, you can not use base64 on a hex encoded string.  You first have 
to 'de' hex it into raw, then base64 that raw data.  That is why I use 
the tools available within john.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.