Date: Tue, 6 Aug 2019 12:10:50 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Truncated hashes with DYNAMIC mode

On 2019-08-02 16:42, Royce Williams wrote:
> On Fri, Aug 2, 2019 at 5:29 AM Solar Designer <solar@...nwall.com> wrote:
> 
>> On Wed, Jul 31, 2019 at 11:22:22AM -0400, Matt Weir wrote:
>>> I'm looking for a way to utilize dynamic mode to generate vanity hashes.
>>> For example, finding a raw-MD5 hash that starts with '12345'. I've been
>>> looking through the documentation for dynamic, but I'm missing how to only
>>> check a subset of the final hash vs the target. Is that possible, and how
>>> would I go about doing that? Bonus points if I can utilize the command line
>>> dynamic expressions.
>>
>> I'm afraid this isn't supported, but I'd like JimF to confirm this and
>> consider adding such functionality.
>>
> 
> That would be fantastic! I've long argued that such searching, if done in a
> way that is low overhead for the maintainers of the tool (who are usually
> not me, since my programming skills are limited), belongs in the cracking
> suites themselves rather than reinvented poorly or narrowly in other
> frameworks. Of course, I understand that non-specialization also means that
> some optimization opportunities must be discarded, so I also support
> dedicated external tools when executed well. But I think that having this
> in dynamic mode would be worth the trade-off.

Well, you could open an issue for it for RFC/discussion. For example, how 
would we format the input? Would we always want hashes that start with 
"deadbeef" or sometimes only end with it, or any of them? Or even 
"deadbeef" somewhere/anywhere in it (that would likely be awfully slow)?

Also, would we want the cleartext that produces such a vanity hash to be a 
printable one actually usable as a password, or more or less any binary? 
As mentioned recently, binary brute-force hasn't been within our scope 
but we're considering changing that.

magnum
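
The design questions in this message (match at the start, at the end, or anywhere in the hash; printable or arbitrary binary plaintext), sketched as an added example that is not part of the original post and is not John the Ripper or dynamic-mode code. The function names, match-mode names and targets are assumptions made for illustration.

```python
import hashlib
import itertools
import string

# Match positions raised in the thread: start, end, or anywhere in the hex digest.
MATCHERS = {
    "prefix": lambda digest, target: digest.startswith(target),
    "suffix": lambda digest, target: digest.endswith(target),
    "anywhere": lambda digest, target: target in digest,
}


def candidates(charset, max_len):
    """Yield every string over charset, shortest first, encoded as bytes."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            # latin-1 maps code points 0..255 to single bytes, so passing
            # charset=[chr(i) for i in range(256)] gives the "any binary" case.
            yield "".join(combo).encode("latin-1")


def find_vanity(target, mode="prefix", charset=string.ascii_lowercase, max_len=4):
    """Return (plaintext, md5_hex, tries) for the first match, or None."""
    target = target.lower()
    if not target or any(c not in "0123456789abcdef" for c in target):
        raise ValueError("target must be a non-empty hex string")
    match = MATCHERS[mode]
    for tries, plain in enumerate(candidates(charset, max_len), start=1):
        digest = hashlib.md5(plain).hexdigest()
        if match(digest, target):
            return plain, digest, tries
    return None  # keyspace exhausted without a partial match


if __name__ == "__main__":
    # Constructed targets, kept short so each search finishes quickly.
    for mode, target in (("prefix", "123"), ("suffix", "123"), ("anywhere", "1234")):
        print(mode, target, find_vanity(target, mode))
```

Each extra hex digit in the target multiplies the expected number of candidates by 16, so a five-digit target such as '12345' needs a larger keyspace than the default `max_len=4` over lowercase letters provides.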
