|
Message-ID: <CA+E3k91eTX7r7=PEgPKVbRkgYXjSYjU2BHPwupr=0_B2MVV63w@mail.gmail.com> Date: Fri, 29 Sep 2017 16:18:53 -0800 From: Royce Williams <royce@...ho.org> To: john-users@...ts.openwall.com Subject: Re: RFC: Hashkiller Rosetta Stone (Apologies for the duplicate post; I've arbitrarily picked the other one: http://www.openwall.com/lists/john-users/2017/09/29/6 ... as the "real" one, and will tie this thread off) On Fri, Sep 29, 2017 at 2:29 PM, magnum <john.magnum@...hmail.com> wrote: > On 2017-09-29 17:13, Royce Williams wrote: > >> I'm working on a Hashkiller Rosetta stone (list of upload formats >> supported >> by Hashkiller, and how to use those modes in hashcat, john, and MDXfind. >> >> A draft is here: >> >> https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757 >> >> Any help/tips appreciated. I don't know the underlying algorithm of many >> product-specific formats, so I'm almost certainly missing some obvious >> ones. >> >> My future ambition is to expand this concept to be a Rosetta Stone for the >> superset of all formats supported by any known product. Small steps first. >> :) >> > > Most formats consisting of a combination of simple primitives, like > 'md5(md5($pass).md5($salt))' are possible in JtR on CPU using the "dynamic > compiler" format. That very example would be written like this: > > $ ../run/john -test -form:dynamic='md5(md5($pass).md5($salt))' > Benchmarking: dynamic=md5(md5($p).md5($s)) [128/128 AVX 4x3]... DONE > Many salts: 12448K c/s real, 12573K c/s virtual > Only one salt: 5458K c/s real, 5404K c/s virtual > > It can do many crazy combinations that is (probably) not used anywhere: > > $ ../run/john -test -form:dynamic='sha1(md5(md4($pass).$salt))' > Benchmarking: dynamic=sha1(md5(md4($p).$s)) [128/128 AVX 4x1]... DONE > Many salts: 5816K c/s real, 5816K c/s virtual > Only one salt: 5340K c/s real, 5340K c/s virtual > > Sometimes it's not very fast, but it's always there - very handy. Note > that any time there is a dedicated format for your need, you can bet that > one is faster, and sometimes a LOT faster, than this "dynamic compiler" > stuff. > Indeed. As noted in the other thread, I will try to make that clear in the table somehow when I move it from a gist to something more durable. > On another note, I'd add input syntax (or sample hashes) to the Rosetta > Stone if I were you. Sometimes they differ, especially in how/where you > specify the salt. Hashcat uses hash:salt while JtR never EVER has a ':' > within a ciphertext (it's impossible, by design, and that makes the pot > file unambigous). > Sometimes the various crackers also differ in whether they want the salt > as plaintext or hexified, and (if plaintext) they might have different ways > to hex-escape stuff (eg. hashcat $HEX[cafe] vs. JtR $HEX$cafe) > Yes, syntax would be key for a Rosetta Stone! I do intend to make sure to include it. Making it directly verifiable by example is the best way to ensure that people can be confident in the accuracy. Thanks! Royce
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.