Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 22 Nov 2015 20:57:59 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: hash type identification

On Sun, Nov 22, 2015 at 7:38 PM, Solar Designer <solar@...nwall.com> wrote:
> Somehow people are developing scripts like this:
>
> http://www.smeegesec.com/2013/11/hashtag-password-hash-identification.html
> https://github.com/sam-b/HashData
> https://code.google.com/p/hash-identifier/
> https://github.com/JoeGlancy/whatisit
>
> The latest one of these is just a day old.  I wonder what causes this.
> Do people feel there's functionality missing?  Or do they prefer a
> pure scripting language solution, without a dependency on JtR?
Contest's I've been in that don't specify the format, or dumps I've
found JtR gives you 5 or more choices in some cases and it's difficult
to figure out which one to try all your efforts on. The
Hash-Identifier can help, but you can still have 2-3 after it guesses.
I don't know if there is JtR functionality missing, aside from forking
the hashes into each possible choice and seeing which on gets a hit
first. Even then if you have mixed hashes, you could still end up with
multiple types (LM-halfLM-half and NT look the same). There are dozens
of choices sometimes, so I don't think there is anything missing other
than narrowing the hashes down to the exact type by trying each type,
and there isn't much you can do just by "looking" at them :)
>
> There are also web pages like:
>
> http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats
>
> and we have some of our own, linked from the /john summary page:
>
> http://openwall.info/wiki/john/sample-hashes
> http://openwall.info/wiki/john/sample-non-hashes
>
> and not linked from anywhere on the wiki itself, yet somehow found by
> the author of "whatisit":
>
> http://openwall.info/wiki/john/hash-formats
The Pentestmonkey cheat-sheet actually inspired me to make that page.
I have not contributed to it in a long time, and I didn't know what to
do with it at the time.
> To me, the hash-formats wiki page doesn't make much sense: it starts by
> describing the file format, and proceeds with detail on a weird subset
> of the hash types.  I think it'd make more sense to have a wiki page on
> the file format only, with links to the sample (non-)hash pages.  Maybe
> one (or more) of us will correct this.
I can certainly split out the hashes or file formats into other pages,
but I like having them on one, perhaps I can better delineate the page
with a index/headings. I started with the hashes I knew best or had
the best documentation in their "test" routines or readme.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.