Date: Thu, 28 Feb 2019 11:00:57 -0600 From: jfoug <jfoug.openwall@....net> To: john-users@...ts.openwall.com Subject: Re: prepending and appending salts in dynamic formats On 2/28/2019 10:08 AM, Royce Williams wrote: > This Stack Exchange question: > > https://security.stackexchange.com/questions/204439/best-tool-for-cracking-sha-1s-with-unique-pre-and-post-salts > > ... led me to discover that the dynamic format language has a way to > prepend two different salts, but apparently no explicitly append a salt? > (Is this correct?) > The way dynamic is written, there is no 'generic' way to prepend anything. Everything is appended to the growing string, in order. There were a few 'enhancements' made to allow some specific appending for a few formats, but nothing that is 'generic'. There are some 'overwrite' functions, also a few length setting functions. These really only work for appending, IF we have things like a fixed length salt, and also likely a fixed length rest of the input. See dynamic_12 layout (in dyanamic_preloads.c) to see an example: md5(md5($s).md5($p)) In this format, we store the salt as md5($s) (so it is only done at startup time). Also, in this format, we have a FIXED size salt (32 bytes). Also in this format, every password is exactly 32 bytes, since it really is the md5($p) So here, we can do an overwrite, and then set the length to be 64 bytes. However, for something 'generic', for something like: sha1($s.$p.$s2) where $s might be 6-12 bytes, $p is arbitrary in size, then the best way to handle this, really is to clear the buffer, append the salt, append the password, then append the salt2. There 'could' be ways to do this, BUT trying to add prepend into dynamic in a 'generic' manner, would greatly increase the size and complexity of dynamic, which already is very bloated, and very-very complex. For making john the 'best' tool for doing sha1($s.$p.$s2), you really SHOULD write a custom native format. However, a format that 'does' work (better than nothing), is: $../run/john -test -form='dynamic=sha1($s.$p.$s2)' Benchmarking: dynamic=sha1($s.$p.$s2) [128/128 SSE2 4x1]... DONE Many salts: 1952K c/s real, 2823K c/s virtual Only one salt: 1293K c/s real, 1928K c/s virtual No code at all, simply uses the built-in john dynamic 'compiler'. It is certainly not as fast as could be built, BUT all depends upon how much work really needs to be done with the sha1($s.$p.$s2) format. If there are 100's of thousands of hashes, and there will be many CPU years of work being done, then it would make sense to write a much faster custom format. If however, there are 100's and you are simply interested in cracking 'some' of them, then the time required to write something custom, would be a waste, as the dynamic compiler format would likely crack them way before the custom format was written.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.