Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120406230426.GB31246@openwall.com>
Date: Sat, 7 Apr 2012 03:04:26 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: zero-salted sha1 (mac os x 10.4 hash) cracking

Hi,

I was hoping someone else would respond. ;-)

On Thu, Apr 05, 2012 at 05:50:29AM +0000, asdf asdf wrote:
> Hello,I have a small question about John the Ripper. I have a hash of a password in Mac OS X 10.4 (so it's zero-salted sha1, meaning the first 8 characters are the salt and are all 0). How do I get John to crack this?

It should be correctly autodetected by any version of John that supports
those hashes - such as jumbo or JtR Pro.  You don't need to do anything
special for this to happen.

> I tried SHA1p with an added salt, but it didn't recognise it.

Indeed.  Mac OS X hashes use a binary salt of a fixed size.  The correct
JtR "format" for hashes used by 10.4 through 10.6 is called XSHA, but
you don't need to specify it explicitly (although you may).  The $SHA1p$
hash encoding prefix is recognized by the sha1-gen format, which is
similar, except that it uses variable-length ASCII salts.

> Without specifying a salt, it did recognise it as "password hash (Mac OS X 10.4 - 10.6 salted SHA-1 [32/64])",

That's right.

> but since I got the salt, it would be a lot quicker if I could specify it, right?

No, it extracted the salt from your 48-char string already.

> So my question is: Can I specify a salt for Mac OS X passwords? If so how, if not, what would be a workaround.

You've already specified the salt in that 48-char string.  You don't
need to do anything else about that.

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.