Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <loom.20130416T224403-40@post.gmane.org>
Date: Tue, 16 Apr 2013 21:11:51 +0000 (UTC)
From: john user <johnuser1243@...oo.com>
To: john-dev@...ts.openwall.com
Subject: Bug report: specific hex salted hash failure

I am working with the salted hashes and John 1.7.9 Jumbo 7
make linux-x86-64 was my build command.

Here is a possible bug report

simple Python script to generate the dynamic_1007 
md5(md5($p).$s) list for some specific words and salts

specific problem salt value is "$U["


in hash$HEX$<hex salt>:word format

[code]
#!/usr/bin/python
import os
import sys
import md5
import string

salts=["$U[","111","1$1"]
words=["20110204062217","ascii"]

#convert the salt field into a hex salt


def stohex(ins):
    return ''.join(hex(ord(x))[2:] for x in ins)

for k in range(len(salts)):
    for j in range(len(words)):
         l=md5.new()
         p=md5.new()
         l.update(words[j]) # innermost md5
         p.update(l.hexdigest()+salts[k]) # last md5 + salt
# print in JTR format hash$HEX$hexsalt_value:plaintext
         print p.hexdigest()+"$HEX$"+stohex(salts[k])+":"+words[j]

[/code]

the execution of my test is as follows

#generate example file
./script.py > outfile

#split into hash and wordlist
cut -f1 -d: outfile > hashes.txt
cut -f2- -d: outfile > wordlist

#run john test for dynamic_1007
./john --format=dynamic_1007 --wordlist=wordlist hashes.txt

output
Loaded 6 password hashes with 3 different salts (dynamic_1007
md5(md5($p).$s) (vBulletin) [128/128 SSE2 intrinsics 10x4x3])
Remaining 2 password hashes with no different salts

thought might be related to the SSE2 implementation but setting a flag in
dynamic.conf
Flag=MGF_NOTSSE2Safe
for format dynamic_1007 gave me this output on a new test run

Loaded 6 password hashes with 3 different salts (dynamic_1007
md5(md5($p).$s) (vBulletin) [32/64 64x2 (MD5_Body)])
Remaining 2 password hashes with no different salts

I am just very curious why only a specific salt value fails.

also can play with these 3 byte salt values below which are an issue to me.

$Uc
$2O
$2S
$2n
$Ux
$2w
$U_
$Uj
$22
$U&

 if any devel could look at this it would be appreciated.

Thanks

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.