Message-ID: <20130208225332.GA16700@openwall.com>
Date: Sat, 9 Feb 2013 02:53:32 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA-512 supported?

On Fri, Feb 08, 2013 at 03:14:44PM -0700, Stephen John Smoogen wrote:
> On 8 February 2013 13:24, Jon Schipp <jonschipp@...il.com> wrote:
> > I have a salted SHA-512 hash that I'm having trouble cracking, it's from an
> > AIX 5.3 OS, using their Pluggable Authentication Modules.
> > The /etc/security/passwd file has account information in stanzas:
> >
> > test:
> > password =
> > {ssha512}06$aXayEJGxA02Bl4d2$TWfWx34oD.UjrS/Qtco6Ij2XPY1CPYJfdk3CcxEjnMZvQw2p5obHYH7SI2wxcJgaS9.S9Hz948R.GdGwsvR...

Wow, we were not aware of the "{ssha512}06" prefix for sha512crypt
hashes (which I hope is what they are). JtR will load the line above if
you change "{ssha512}06" to "$6" as Stephen correctly suggested, but you
also need to use a version/build of JtR supporting sha512crypt either
natively or via the underlying OS.

> > Do any of the releases support SSHA-512? I'm currently trying with
> > john-1.7.9-jumbo-5-macosx-Intel-2.

That version is too old for sha512crypt on Mac OS X. You need at least
1.7.9-jumbo-6, or alternatively you may run any version 1.7.6 or newer
on Linux or Solaris.

You may download a newer build for Mac OS X here:

http://openwall.info/wiki/john/custom-builds#Compiled-for-Mac-OS-X

... or you may do your own build of an even newer version (such as from
our git repository).

> > And does the "raw" in raw-sha512 mean without salt?

Yes, and besides your hash is not merely salted, it is a very specific
algorithm that also involves a large number of iterations.

> $6$aXayEJGxA02Bl4d2$TWfWx34oD.UjrS/Qtco6Ij2XPY1CPYJfdk3CcxEjnMZvQw2p5obHYH7SI2wxcJgaS9.S9Hz948R.GdGwsvR...

This works, although I suspect that Jon replaced some chars with dots
(it is uncommon to see this many dots).

> and see if it is accepted as that.

I've just tested with bleeding-jumbo (built as linux-x86-64-gpu and with
OpenMP enabled), it is accepted.

$ ./john pw
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Warning: detected hash type "sha512crypt", but the string is also recognized as "sha512crypt-opencl"
Use the "--format=sha512crypt-opencl" option to force loading these as that type instead
Warning: detected hash type "sha512crypt", but the string is also recognized as "sha512crypt-cuda"
Use the "--format=sha512crypt-cuda" option to force loading these as that type instead
Loaded 1 password hash (sha512crypt [64/64 OpenSSL])
guesses: 0 time: 0:00:00:27 33.38% (2) (ETA: Sat Feb 9 02:52:44 2013) c/s: 1985 trying: rose0 - asdf0
$ ./john pw -form=sha512crypt-opencl
Device 0: GeForce GTX 570
[...]
guesses: 0 time: 0:00:11:28 0.00% (3) c/s: 13239 trying: baynd1 - bmday7

Alexander