Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <55189280.6020007@openwall.com>
Date: Mon, 30 Mar 2015 03:02:08 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Lengths of fields recorded in hashes

On 2015-03-23 04:37, magnum wrote:
> On 2015-03-23 00:21, Alexander Cherepanov wrote:
>> For some formats, hashes contain variable-length data (say, encoded in
>> hex) and the length of this data is also recorded in the hashes. One of
>> the examples is 7z format which contains 3 data field (salt, iv, data)
>> and 3 lengths for them.
>> I think their inclusion was an error and they should be removed. Mainly
>> because they are useless and only complicate things.
>
> I agree, except I may or may not agree they should be removed.
>
>> I propose the following plan:
>> 1) gradually rewrite valid()s and get_salt()s to ignore lengths recorded
>> in hashes;
>
> IMHO: As long as we accept the length field at all, valid() should
> verify that it matches actual data length. But binary() and salt() can
> just ignore it.

Well, Ok. Maybe it's not that hard to support lengths after all. Perhaps 
we can return to this question later.

>> 2) change the format of hashes in john and in 2john tools at some later
>> point.
>>
>> Can we change format of such hashes at will (by requiring to always use
>> john and 2john tools of matching versions)?
>
> I recall we changed some OSX format and later found out the "Dave tool",
> or whatever it was called, outputs the old format. Also, lots of formats
> are added to Hashcat with same syntax as JtR. So before changing a
> format we must ensure we wont regret it.

Is there a list of john formats supported by Hashcat?

> I think it may be best (in general) to just keep these formats as-is and
> do a better job with future formats.

Ok, but do we understand what we want to keep? Take for example 7z 
format. All test hashes look like this:

$7z$0$19$0$1122$8$d1f50227759415890000000000000000$1412385885$112$112$5e5b8...
          ^1^^^^2^3^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^4

The part 1 above ($0$) is supposed to be the length of salt -- the part 
2 ($1122$) -- and the part 3 ($8$) is supposed to be the length of iv -- 
the part 4 ($d1f50227759415890000000000000000$). Both are bogus. Right 
now, the salt and its length are just both ignored and there is some 
hack for iv which probably works only for iv lengths <= 8.

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.