Date: Sun, 26 May 2019 15:44:40 +0200
From: Solar Designer <>
Subject: Re: SSHA256 (32bit hash, 32bit salt)

Hi Jason,

On Wed, May 22, 2019 at 09:34:30AM +1000, Jason Thomas wrote:
> Can someone help me work out how to handle this format in JTR.
> I tried dynamic_62 and it did not find any hashes.

You can in fact use dynamic_62 for this, but you need to re-encode the
hashes for it, see below:

> Example hash below:
> userid:password_hash
> 9430645:{SSHA256}qtLYMs6YUpOlgtjBFTlDpLZ/V0Or6nHhfEgx5h9W6JfnBP0YqBMlMN2dmp7ARN3GNDmhe2l7nNOxnSvlQN3R8w==
> Password is Abcd1234!

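$ cat
#!/usr/bin/perl

use MIME::Base64;

while (<>) {
	# Split an optional "user:" prefix from the hash field
	($user, $delim, $pass) = /^([^:]*)(:)([^:]*)$/;
	$pass = $_ if (!defined($pass));
	# Drop the tag: decode_base64() skips "{" and "}" but would decode "SSHA256" as data
	$pass =~ s/^\{SSHA256\}//;
	# First 32 bytes are the SHA-256 digest, the rest is the salt
	($bin_hash, $bin_salt) = unpack('a32 a*', decode_base64($pass));
	$new = '$dynamic_62$' . unpack('H*', $bin_hash) . '$HEX$' . unpack('H*', $bin_salt);
	if (defined($user)) {
		print "$user:$new\n";
	} else {
		print "$new\n";
	}
}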
$ cat pw
$ ./ < pw > pwd
$ cat pwd
$ cat w
$ ./john -w=w -form=dynamic_62 pwd
Using default input encoding: UTF-8
Loaded 1 password hash (dynamic_62 [sha256($p.$s) 128/128 AVX 4x])
Warning: no OpenMP support for this hash type, consider --fork=32
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 1 candidate left, minimum 24 needed for performance.
Abcd1234!        (9430645)
1g 0:00:00:00 DONE (2019-05-26 15:37) 5.263g/s 5.263p/s 5.263c/s 5.263C/s Abcd1234!
Use the "--show --format=dynamic_62" options to display all of the cracked passwords reliably
Session completed
$ ./john --show --format=dynamic_62 pwd

1 password hash cracked, 0 left

> I think the issue is the salt is 32bit.

It's actually 32 bytes, or 256-bit.

What kind of system did this hash come from?  Should we add better
support for it to JtR, so that the re-encoding would be unnecessary?

I notice we have support for hashes tagged {SSHA} and {SSHA512}, but
currently not for {SSHA256}.
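
Added example, not part of the original message or of JtR: a Python sketch of the same re-encoding that also checks a known password against the sha256($p.$s) construction before the file is handed to john. The function names are assumptions, the sample input is constructed, and the hash quoted in the message is only split to show its 32-byte digest and 32-byte salt.

```python
import base64
import hashlib
import hmac

TAG = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes

def parse_ssha256(value):
    """Split a {SSHA256} value into (digest, salt); the tag is optional."""
    if value.startswith(TAG):
        value = value[len(TAG):]
    blob = base64.b64decode(value.strip(), validate=True)
    if len(blob) <= DIGEST_LEN:
        raise ValueError("decoded value has no salt after the 32-byte digest")
    return blob[:DIGEST_LEN], blob[DIGEST_LEN:]

def verify(password, digest, salt):
    """Check a candidate against sha256($p.$s), the dynamic_62 construction."""
    calc = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)

def to_dynamic_62(line):
    """Re-encode 'user:{SSHA256}...' (or a bare hash) as a dynamic_62 line."""
    user, sep, value = line.strip().rpartition(":")
    digest, salt = parse_ssha256(value)
    # $HEX$ carries the salt as hex because it is arbitrary binary data
    return f"{user}{sep}$dynamic_62${digest.hex()}$HEX${salt.hex()}"

def make_ssha256(password, salt):
    """Build a constructed sample in the same layout (for testing only)."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return TAG + base64.b64encode(digest + salt).decode("ascii")

# Hash quoted in the message above; only its layout is inspected here.
PAGE_HASH = ("{SSHA256}qtLYMs6YUpOlgtjBFTlDpLZ/V0Or6nHhfEgx5h9W6JfnBP0YqBMl"
             "MN2dmp7ARN3GNDmhe2l7nNOxnSvlQN3R8w==")

if __name__ == "__main__":
    # Constructed sample: hypothetical user id, password and salt
    sample = make_ssha256("example-password", bytes(range(32)))
    print(to_dynamic_62("1001:" + sample))
    digest, salt = parse_ssha256(PAGE_HASH)
    print(len(digest), len(salt))
```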

