Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190414194725.GA7092@openwall.com>
Date: Sun, 14 Apr 2019 21:47:26 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Cc: Denis Burykin <apingis@...nwall.net>
Subject: Re: sha512crypt & Drupal 7+ password cracking on FPGA

Hi Royce,

Thank you for helping test this, finally.

On Sun, Apr 14, 2019 at 09:26:41AM -0800, Royce Williams wrote:
> First, I tried length 6:
> 
> $ ./john -2='1A2B3C4D5E6F7G8H9I0J' --mask='?2?2?2?2?2?2'
> --format=sha512crypt-ztex --verbosity=1 --progress-every=60
> pw-sha512crypt.samesalt.len6
> ZTEX 10 bus:1 dev:122 Frequency:160 160 160 160
> ZTEX 11 bus:1 dev:118 Frequency:160 160 160 160
> ZTEX 12 bus:1 dev:113 Frequency:160 160 160 160
> ZTEX 13 bus:1 dev:123 Frequency:160 160 160 160
> ZTEX 14 bus:1 dev:119 Frequency:160 160 160 160
> ZTEX 15 bus:1 dev:114 Frequency:160 160 160 160
> ZTEX 16 bus:1 dev:111 Frequency:160 160 160 160
> ZTEX 17 bus:1 dev:126 Frequency:160 160 160 160
> ZTEX 18 bus:1 dev:117 Frequency:160 160 160 160
> ZTEX 19 bus:1 dev:112 Frequency:160 160 160 160
> ZTEX 20 bus:1 dev:121 Frequency:160 160 160 160
> ZTEX 21 bus:1 dev:116 Frequency:160 160 160 160
> ZTEX 22 bus:1 dev:110 Frequency:160 160 160 160
> ZTEX 23 bus:1 dev:120 Frequency:160 160 160 160
> ZTEX 24 bus:1 dev:115 Frequency:160 160 160 160
> ZTEX 25 bus:1 dev:109 Frequency:160 160 160 160
> Using default input encoding: UTF-8
> Loaded 512 password hashes with no different salts (sha512crypt-ztex,
> crypt(3) $6$ [sha512crypt ZTEX])
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 58g 0:00:00:06 11.20% (ETA: 06:42:44) 8.567g/s 1058Kp/s 1058Kc/s 514873KC/s
> AEE5B2..14D932
> 510g 0:00:00:59 99.20% (ETA: 06:42:50) 8.517g/s 1060Kp/s 1060Kc/s
> 278632KC/s I0A69J..1BB99J
> Session completed
> 
> This completed so quickly that I wasn't sure if it would be a good
> benchmark, so I generated some 7-character ones as well.

Yeah.  A side-effect of "--verbosity=1" is that it hides not only the
cracked passwords, but also warnings about under-full buffers, from
which you'd know when and roughly to what extent this might have become
suboptimal for having too few candidate passwords left to test.

Also, was this supposed to crack all 512 hashes, but somehow cracked
only 510?  You could repeat the command to confirm it'd crack the
remaining 2, indicating that something went slightly wrong the first
time (perhaps some of the board(s) being somewhat unreliable running
this design at this frequency).

> I tried to replicate Solar's results with respect to frequency, but had
> problems. I improved some cooling which seemed to help for a time - the
> temperatures were previously only ~117F/47C, and I got them down to
> ~90F/32C - but I was unable to reach cluster-wide stability, even at 135:

Even though our sha512crypt+Drupal7 is the most power-hungry of the 5
designs, I doubt that temperatures are your problem.  It's more like
differences across boards and FPGAs.  Given your observations, it is
likely that some board(s) or some individual FPGAs in your cluster won't
run this 100% reliably.  However:

> $ ./john -2='1A2B3C4D5E6F7G8H9I0J' --mask='?2?2?2?2?2?2?2'
> --format=sha512crypt-ztex --verbosity=1 --progress-every=60
> pw-sha512crypt.samesalt.len7
> ZTEX 10 bus:1 dev:75 Frequency:135 135 135 135
[...]
> 512g 0:00:28:50 99.90% (ETA: 15:19:17) 0.2957g/s 738755p/s 738755c/s
> 183335KC/s 4I4B4JJ..1CJ14JJ
> Session completed

It looks like despite of the occasional timeouts from 3 of the boards,
you did get all 512 hashes cracked this time.  That's what matters the
most.  So you might want to choose settings where everything does get
cracked, and accept occasional recoverable errors and timeouts.  This
might be a clock rate just slightly lower than 160, maybe.

> I'm not confident in making any thermal conclusions. I am using a
> laser-pointer-style non-contact thermal probe, and while I believe it to be
> accurate, I can only perform ad-hoc manual checks of specific boards and
> FPGAs. I wasn't able to detect excessive temperatures for the boards that
> timed out. But this is less scientific and less reliable than if thermal
> information was directly available as part of ZTEX support, so I don't
> think I can conclude anything solid there.

Regardless of temperatures, this design was sort of supposed to run at
215 MHz - but it doesn't.  Our choice of 160 MHz for the default
frequency is based solely on our own testing.  It is not surprising that
among your cluster there are boards or individual FPGAs that don't fully
manage this.  I doubt you'd fully fix that with any kind of cooling.

> For further testing, being able to specify frequency on a per-board basis,
> as is possible with other ZTEX algorithms, would be useful.

The same syntax should work just fine for all *-ztex formats - you can
specify frequencies per-board and per-FPGA.  But there's little point in
doing that because our host-side code is synchronous and thus the
resulting performance will correspond to the lowest of the frequencies.

> Also, here is hashcat (recent GitHub) working on the same 512 same-salt
> hashes, to show hashcat's real-world performance:

Thanks!  So hashcat's performance on your 6x GTX 1080 is inbetween your
135 MHz and 160 MHz tests on your ZTEX cluster.

Some more comments inline, with some overquoting:

> $ ./john -2='1A2B3C4D5E6F7G8H9I0J' --mask='?2?2?2?2?2?2?2'
> --format=sha512crypt-ztex --verbosity=1 --progress-every=60
> pw-sha512crypt.samesalt.len7
> ZTEX 10 bus:1 dev:122 Frequency:160 160 160 160
> ZTEX 11 bus:1 dev:118 Frequency:160 160 160 160
> ZTEX 12 bus:1 dev:113 Frequency:160 160 160 160
> ZTEX 13 bus:1 dev:123 Frequency:160 160 160 160
> ZTEX 14 bus:1 dev:119 Frequency:160 160 160 160
> ZTEX 15 bus:1 dev:114 Frequency:160 160 160 160
> ZTEX 16 bus:1 dev:111 Frequency:160 160 160 160
> ZTEX 17 bus:1 dev:126 Frequency:160 160 160 160
> ZTEX 18 bus:1 dev:117 Frequency:160 160 160 160
> ZTEX 19 bus:1 dev:112 Frequency:160 160 160 160
> ZTEX 20 bus:1 dev:121 Frequency:160 160 160 160
> ZTEX 21 bus:1 dev:116 Frequency:160 160 160 160
> ZTEX 22 bus:1 dev:110 Frequency:160 160 160 160
> ZTEX 23 bus:1 dev:120 Frequency:160 160 160 160
> ZTEX 24 bus:1 dev:115 Frequency:160 160 160 160
> ZTEX 25 bus:1 dev:109 Frequency:160 160 160 160
> Using default input encoding: UTF-8
> Loaded 512 password hashes with no different salts (sha512crypt-ztex,
> crypt(3) $6$ [sha512crypt ZTEX])
> 
> SN 15: Timeout.
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 1g 0:00:00:01 0.15% (ETA: 06:19:24) 0.5154g/s 989690p/s 989690c/s
> 506721KC/s 6J6BD11..1CJ1711
> Found 1 device(s) ZTEX 1.15y
> SN: 15 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:114
> 27g 0:00:01:00 4.72% (ETA: 06:29:27) 0.4432g/s 992777p/s 992777c/s
> 501968KC/s 1111001..1CJ1001
> 60g 0:00:02:00 9.38% (ETA: 06:29:38) 0.4968g/s 993706p/s 993706c/s
> 485368KC/s 11116IA..1CJ16IA
> 81g 0:00:03:00 14.03% (ETA: 06:29:41) 0.4485g/s 994185p/s 994185c/s
> 469888KC/s 2C2E9H2..1CJ1292
> 97g 0:00:04:00 18.68% (ETA: 06:29:43) 0.4036g/s 994839p/s 994839c/s
> 456996KC/s 111188B..1CJ188B
> 122g 0:00:05:00 23.32% (ETA: 06:29:43) 0.4065g/s 994802p/s 994802c/s
> 445657KC/s A4E93G3..1CJ14G3
> 152g 0:00:06:00 28.05% (ETA: 06:29:41) 0.4211g/s 994901p/s 994901c/s
> 434090KC/s 111137C..1CJ137C
> SN 10: Timeout.
> 159g 0:00:07:27 29.32% (ETA: 06:33:42) 0.3551g/s 838493p/s 838493c/s
> 362587KC/s 11114IC..1CJ14IC
> Found 1 device(s) ZTEX 1.15y
> SN: 10 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:122
> SN 16: Timeout.
> 170g 0:00:09:01 31.12% (ETA: 06:37:15) 0.3141g/s 736264p/s 736264c/s
> 314337KC/s 1111634..1CJ1634
> Found 1 device(s) ZTEX 1.15y
> SN: 16 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:111
> SN 14: Timeout.
> 192g 0:00:10:54 34.42% (ETA: 06:39:56) 0.2935g/s 673627p/s 673627c/s
> 281410KC/s 12JD7I4..1CJ18I4
> Found 1 device(s) ZTEX 1.15y
> SN: 14 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:119
> 197g 0:00:11:00 34.95% (ETA: 06:39:46) 0.2980g/s 676915p/s 676915c/s
> 282094KC/s 752HHJ4..1CJ19J4
> 217g 0:00:12:00 39.60% (ETA: 06:38:36) 0.3010g/s 703169p/s 703169c/s
> 283809KC/s 111150D..1CJ150D
> 237g 0:00:13:00 44.25% (ETA: 06:37:40) 0.3035g/s 725465p/s 725465c/s
> 283842KC/s 11111I5..1CJ11I5
> 258g 0:00:14:00 48.90% (ETA: 06:36:55) 0.3069g/s 744646p/s 744646c/s
> 282441KC/s 6CCAFHE..1CJ17HE
> SN 17: Timeout.
> 263g 0:00:15:27 50.17% (ETA: 06:39:04) 0.2836g/s 692725p/s 692725c/s
> 260356KC/s 1111816..1CJ1816
> Found 1 device(s) ZTEX 1.15y
> SN: 17 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:126
> 279g 0:00:16:00 52.80% (ETA: 06:38:36) 0.2903g/s 703274p/s 703274c/s
> 259814KC/s 11113F6..1CJ13F6
> SN 12: Timeout.
> 300g 0:00:17:51 55.95% (ETA: 06:40:12) 0.2799g/s 668277p/s 668277c/s
> 241223KC/s 11119BF..1CJ19BF
> Found 1 device(s) ZTEX 1.15y
> SN: 12 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:113
> 305g 0:00:18:00 56.62% (ETA: 06:40:05) 0.2823g/s 670924p/s 670924c/s
> 240890KC/s 111164F..1CJ164F
> SN 22: Timeout.
> 309g 0:00:19:15 56.92% (ETA: 06:42:05) 0.2675g/s 630791p/s 630791c/s
> 225933KC/s G6717DF..1CJ18DF
> Found 1 device(s) ZTEX 1.15y
> SN: 22 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:110
> 326g 0:00:20:00 60.45% (ETA: 06:41:23) 0.2715g/s 644552p/s 644552c/s
> 224797KC/s 11119A7..1CJ19A7
> 352g 0:00:21:00 65.10% (ETA: 06:40:33) 0.2792g/s 661102p/s 661102c/s
> 222303KC/s F2CIC1G..1CJ151G
> 375g 0:00:22:00 69.75% (ETA: 06:39:50) 0.2840g/s 676199p/s 676199c/s
> 218928KC/s 11111JG..1CJ11JG
> 392g 0:00:23:00 74.40% (ETA: 06:39:12) 0.2840g/s 690011p/s 690011c/s
> 214915KC/s J33D5I8..1CJ17I8
> 411g 0:00:24:00 79.12% (ETA: 06:38:37) 0.2852g/s 702864p/s 702864c/s
> 210616KC/s J463D9H..1CJ169H
> 430g 0:00:25:00 83.78% (ETA: 06:38:08) 0.2865g/s 714484p/s 714484c/s
> 205758KC/s 11112H9..1CJ12H9
> SN 23: Timeout.
> 435g 0:00:26:26 84.90% (ETA: 06:39:25) 0.2742g/s 685139p/s 685139c/s
> 195330KC/s 7G3D6J9..1CJ17J9
> Found 1 device(s) ZTEX 1.15y
> SN: 23 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:120
> 454g 0:00:27:00 87.60% (ETA: 06:39:07) 0.2800g/s 691746p/s 691746c/s
> 192658KC/s 6JFDB6I..1CJ156I
> 472g 0:00:28:00 92.25% (ETA: 06:38:39) 0.2808g/s 702497p/s 702497c/s
> 187578KC/s FCC3H50..1CJ11E0
> 494g 0:00:29:00 96.90% (ETA: 06:38:13) 0.2837g/s 712504p/s 712504c/s
> 182040KC/s 7053DDJ..1CJ17DJ
> 512g 0:00:29:39 99.90% (ETA: 06:37:58) 0.2877g/s 718624p/s 718624c/s
> 178285KC/s 4I4B4JJ..1CJ14JJ
> Session completed

This looks a bit weird to me: not too many timeouts, yet the average
speed reduced to ~70% of what it'd be expected to be without timeouts.
I'd expect a higher average speed from this.  The good news is all 512
got cracked regardless.

> I am not sure how to calculate reasonable frequencies, so I guessed 150 and
> tried again:
> 
> $ ./john -2='1A2B3C4D5E6F7G8H9I0J' --mask='?2?2?2?2?2?2'
> --format=sha512crypt-ztex --verbosity=1 --progress-every=60
> pw-sha512crypt.samesalt.len6
> ZTEX 10 bus:1 dev:122 Frequency:150 150 150 150
> ZTEX 11 bus:1 dev:118 Frequency:150 150 150 150
> ZTEX 12 bus:1 dev:113 Frequency:150 150 150 150
> ZTEX 13 bus:1 dev:123 Frequency:150 150 150 150
> ZTEX 14 bus:1 dev:119 Frequency:150 150 150 150
> ZTEX 15 bus:1 dev:114 Frequency:150 150 150 150
> ZTEX 16 bus:1 dev:111 Frequency:150 150 150 150
> ZTEX 17 bus:1 dev:126 Frequency:150 150 150 150
> ZTEX 18 bus:1 dev:117 Frequency:150 150 150 150
> ZTEX 19 bus:1 dev:112 Frequency:150 150 150 150
> ZTEX 20 bus:1 dev:121 Frequency:150 150 150 150
> ZTEX 21 bus:1 dev:116 Frequency:150 150 150 150
> ZTEX 22 bus:1 dev:110 Frequency:150 150 150 150
> ZTEX 23 bus:1 dev:120 Frequency:150 150 150 150
> ZTEX 24 bus:1 dev:115 Frequency:150 150 150 150
> ZTEX 25 bus:1 dev:109 Frequency:150 150 150 150
> Using default input encoding: UTF-8
> Loaded 512 password hashes with no different salts (sha512crypt-ztex,
> crypt(3) $6$ [sha512crypt ZTEX])
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 66g 0:00:00:08 12.80% (ETA: 06:40:44) 8.000g/s 992969p/s 992969c/s
> 478859KC/s FA6JE2..14D3F2
> 237g 0:00:00:29 46.40% (ETA: 06:40:44) 7.937g/s 994507p/s 994507c/s
> 401337KC/s 72983E..14D7CE
> 482g 0:00:01:00 94.40% (ETA: 06:40:45) 7.931g/s 994174p/s 994174c/s
> 272930KC/s I11DI0..14D7I0
> 510g 0:00:01:03 99.20% (ETA: 06:40:45) 7.984g/s 994019p/s 994019c/s
> 260941KC/s I0A69J..1BB99J
> Session completed

Again only 510 cracked.  Looks like some boards either timeout (and are
then temporarily unused, which helps get everything cracked by the rest
of the boards) or miss guesses, even at 150.

> But even that was not reliable for all boards for longer periods of time
> (though it was better):
> 
> $ ./john -2='1A2B3C4D5E6F7G8H9I0J' --mask='?2?2?2?2?2?2?2'
> --format=sha512crypt-ztex --verbosity=1 --progress-every=60
> pw-sha512crypt.samesalt.len7
> ZTEX 10 bus:1 dev:122 Frequency:150 150 150 150
> ZTEX 11 bus:1 dev:118 Frequency:150 150 150 150
> ZTEX 12 bus:1 dev:113 Frequency:150 150 150 150
> ZTEX 13 bus:1 dev:123 Frequency:150 150 150 150
> ZTEX 14 bus:1 dev:119 Frequency:150 150 150 150
> ZTEX 15 bus:1 dev:114 Frequency:150 150 150 150
> ZTEX 16 bus:1 dev:111 Frequency:150 150 150 150
> ZTEX 17 bus:1 dev:126 Frequency:150 150 150 150
> ZTEX 18 bus:1 dev:117 Frequency:150 150 150 150
> ZTEX 19 bus:1 dev:112 Frequency:150 150 150 150
> ZTEX 20 bus:1 dev:121 Frequency:150 150 150 150
> ZTEX 21 bus:1 dev:116 Frequency:150 150 150 150
> ZTEX 22 bus:1 dev:110 Frequency:150 150 150 150
> ZTEX 23 bus:1 dev:120 Frequency:150 150 150 150
> ZTEX 24 bus:1 dev:115 Frequency:150 150 150 150
> ZTEX 25 bus:1 dev:109 Frequency:150 150 150 150
> Using default input encoding: UTF-8
> Loaded 512 password hashes with no different salts (sha512crypt-ztex,
> crypt(3) $6$ [sha512crypt ZTEX])
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 27g 0:00:01:00 4.72% (ETA: 07:06:50) 0.4445g/s 994665p/s 994665c/s
> 501486KC/s 1117I01..14D7I01
> 59g 0:00:02:00 9.28% (ETA: 07:07:11) 0.4911g/s 988877p/s 988877c/s
> 480793KC/s EE3699A..14D52IA
> 81g 0:00:03:00 14.00% (ETA: 07:07:04) 0.4477g/s 990547p/s 990547c/s
> 469139KC/s 2C2E9H2..14D1192
> 97g 0:00:04:00 18.64% (ETA: 07:07:06) 0.4029g/s 991159p/s 991159c/s
> 456234KC/s 48EDD8B..14D3F8B
> 121g 0:00:05:00 23.28% (ETA: 07:07:06) 0.4026g/s 991495p/s 991495c/s
> 444921KC/s 11152G3..14D52G3
> 152g 0:00:06:00 27.92% (ETA: 07:07:07) 0.4219g/s 991967p/s 991967c/s
> 432440KC/s 1117GFC..14D7GFC
> 180g 0:00:07:01 32.64% (ETA: 07:07:07) 0.4274g/s 992215p/s 992215c/s
> 419465KC/s 1113F64..14D3F64
> SN 18: Timeout.
> 206g 0:00:09:03 36.64% (ETA: 07:10:20) 0.3789g/s 862752p/s 862752c/s
> 355307KC/s G5H844D..14D3F4D
> Found 1 device(s) ZTEX 1.15y
> SN: 18 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:117
> 222g 0:00:10:00 40.88% (ETA: 07:10:05) 0.3698g/s 871830p/s 871830c/s
> 348567KC/s 11156B5..14D56B5
> 242g 0:00:11:01 45.60% (ETA: 07:09:47) 0.3660g/s 882918p/s 882918c/s
> 342095KC/s 111152E..14D152E
> 263g 0:00:12:00 50.24% (ETA: 07:09:32) 0.3648g/s 892028p/s 892028c/s
> 335500KC/s 1113J16..14D3J16
> 294g 0:00:13:00 54.88% (ETA: 07:09:20) 0.3766g/s 899868p/s 899868c/s
> 327451KC/s B3D8EJ6..14D56J6
> 322g 0:00:14:00 59.52% (ETA: 07:09:09) 0.3831g/s 906518p/s 906518c/s
> 318479KC/s 1117A0F..14D7A0F
> 345g 0:00:15:00 64.16% (ETA: 07:09:00) 0.3832g/s 912264p/s 912264c/s
> 309031KC/s 1119797..14D9797
> 371g 0:00:16:01 68.88% (ETA: 07:08:53) 0.3860g/s 917406p/s 917406c/s
> 299104KC/s 0CJ25HG..14D56HG
> 390g 0:00:17:00 73.52% (ETA: 07:08:46) 0.3820g/s 921817p/s 921817c/s
> 289425KC/s 1117A88..14D7A88
> SN 15: Timeout.
> 400g 0:00:18:46 76.24% (ETA: 07:10:15) 0.3550g/s 866217p/s 866217c/s
> 265834KC/s 769JI3H..14D3J3H
> Found 1 device(s) ZTEX 1.15y
> SN: 15 productId: 10.15.0.0 "inouttraffic JtR 1.8.x" busnum:1 devnum:114
> 403g 0:00:19:00 77.12% (ETA: 07:10:17) 0.3532g/s 865278p/s 865278c/s
> 263657KC/s 1117E5H..14D7E5H
> 423g 0:00:20:00 81.76% (ETA: 07:10:06) 0.3523g/s 871670p/s 871670c/s
> 255363KC/s 11191D9..14D91D9
> 445g 0:00:21:00 86.40% (ETA: 07:09:56) 0.3530g/s 877449p/s 877449c/s
> 246932KC/s 11117CI..14D17CI
> 464g 0:00:22:00 91.04% (ETA: 07:09:47) 0.3514g/s 882738p/s 882738c/s
> 238221KC/s 1113B30..14D3B30
> 491g 0:00:23:00 95.76% (ETA: 07:09:40) 0.3555g/s 887578p/s 887578c/s
> 229322KC/s 11191BJ..14D91BJ
> SN 22: Timeout.
> 508g 0:00:24:57 99.36% (ETA: 07:10:45) 0.3392g/s 849236p/s 849236c/s
> 211861KC/s 11195IJ..14D95IJ
> 510g 0:00:25:00 99.52% (ETA: 07:10:46) 0.3398g/s 848886p/s 848886c/s
> 211442KC/s EC1CIIJ..14D7A0J
> 512g 0:00:25:06 99.84% (ETA: 07:10:47) 0.3398g/s 848218p/s 848218c/s
> 210604KC/s 4I4B4JJ..14D91JJ
> Session completed

But this longer run cracked all 512.

> # Mask attack doesn't work, but wordlist attack does

This looks like user error to me, see below:

> $ rm john.pot
> 
> $ cat badsalt.hashes
> 24EBE20:$6$$g7OTMU70AzLH5YnAmsq3j6GUgFw6LFcT3UDjd1SfuUh9JMEfOH8Atf0S0JEa1rp3n304soNqspy3uQvc0XZQ21
> 0CB6G88:$6$4$Bb6mDYZOFXdTpFp2GF9cD2xmJHBuIqF86ug01.O0izJSC5ZE5/YO0i6ePeHQ41rpSTlO0FoKF2rE0lbww0U.e.
> 4FB23GC:$6$74$Nv/2/Db0qvxqZUFz65cZYKPF20TLjJ7EmHbb2AziYjL4sj40yuPIhqV49u8nQLs9cS7zDrEyBIojpIAkUt0ue1
> 17366HG:$6$085$ImmNlvoccxZkoN5QPW18QMwKTzUB9nrQF7LF4SWm8Af9SqUrdHStYacxBmRklkdJQAZa.AyiUFQuXngAbQxBE/
> 3ED0AF0:$6$7070$nf99hfeOdxnH.nxjYVk8RZXCvR2kpl78x7vTsNSu.rUDR6bKadUVJ7VQjxZGoB.vVg07Sk5JechYSQ87CK1aB.
> 8G01A64:$6$42397$3p2vK6fAdXV5IRDQnCXUkodjQeQnNpZCNjfUr6Fmr2jyTix9J2lcPmXyx0NQ7IKXqJVloz9Np3VyKAGiPGzhm1
> 2JCGD1A:$6$699377$dNE5BreyU.7PDKszP83gZrsomZSGQBLRk7lwnYIJdBNJJLzyjrqQ2NdceVIQbAlPeGQOVElLSOaVroXZgSa1H/
> 29JI98B:$6$1900768$B.6IhkBPv0iyRZlwnm7AL/A/d4bCXheYDJO6tzTBITWxgoqn5Z4d.ZTTDUwy2BQmo2heIGHD8D8ceDlRwWvy/1
> 
> $ cat badsalt.list
> 24EBE20
> 0CB6G88
> 4FB23GC
> 17366HG
> 3ED0AF0
> 8G01A64
> 2JCGD1A
> 29JI98B
> 
> 
> $ ./john -2='1A2B3C4D5E6F7G8H9I0J' --mask='0CB6G8?2'
> --format=sha512crypt-ztex --progress-every=60 badsalt.hashes
> Warning: ZTEX: sha512crypt hash with salt_length=0 skipped.
> ZTEX 10 bus:1 dev:75 Frequency:135 135 135 135
> ZTEX 11 bus:1 dev:71 Frequency:135 135 135 135
> ZTEX 12 bus:1 dev:66 Frequency:135 135 135 135
> ZTEX 13 bus:1 dev:74 Frequency:135 135 135 135
> ZTEX 14 bus:1 dev:70 Frequency:135 135 135 135
> ZTEX 15 bus:1 dev:65 Frequency:135 135 135 135
> ZTEX 16 bus:1 dev:63 Frequency:135 135 135 135
> ZTEX 18 bus:1 dev:69 Frequency:135 135 135 135
> ZTEX 19 bus:1 dev:64 Frequency:135 135 135 135
> ZTEX 20 bus:1 dev:73 Frequency:135 135 135 135
> ZTEX 21 bus:1 dev:68 Frequency:135 135 135 135
> ZTEX 22 bus:1 dev:62 Frequency:135 135 135 135
> ZTEX 23 bus:1 dev:72 Frequency:135 135 135 135
> ZTEX 24 bus:1 dev:67 Frequency:135 135 135 135
> ZTEX 25 bus:1 dev:61 Frequency:135 135 135 135
> Using default input encoding: UTF-8
> Loaded 7 password hashes with 7 different salts (sha512crypt-ztex, crypt(3)
> $6$ [sha512crypt ZTEX])
> Remaining 6 password hashes with 6 different salts

If you really "rm john.pot" just before running this attack, then why
does it say "Remaining 6 password hashes with 6 different salts"?  This
suggests there is a john.pot file present containing one of the hashes.

> Cost 1 (iteration count) is 5000 for all loaded hashes
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 0g 0:00:00:00  0g/s 0p/s 0c/s 0C/s
> Warning: Only 1 base candidate left, minimum 59880 needed for performance.
> Session completed

So maybe that one hash in john.pot was the one you expected to get
cracked here, but it didn't because it was already cracked?

> $ ./john --wordlist='badsalt.list' --format=sha512crypt-ztex
> --progress-every=60 badsalt.hashes
> Warning: ZTEX: sha512crypt hash with salt_length=0 skipped.
> ZTEX 10 bus:1 dev:75 Frequency:135 135 135 135
> ZTEX 11 bus:1 dev:71 Frequency:135 135 135 135
> ZTEX 12 bus:1 dev:66 Frequency:135 135 135 135
> ZTEX 13 bus:1 dev:74 Frequency:135 135 135 135
> ZTEX 14 bus:1 dev:70 Frequency:135 135 135 135
> ZTEX 15 bus:1 dev:65 Frequency:135 135 135 135
> ZTEX 16 bus:1 dev:63 Frequency:135 135 135 135
> ZTEX 18 bus:1 dev:69 Frequency:135 135 135 135
> ZTEX 19 bus:1 dev:64 Frequency:135 135 135 135
> ZTEX 20 bus:1 dev:73 Frequency:135 135 135 135
> ZTEX 21 bus:1 dev:68 Frequency:135 135 135 135
> ZTEX 22 bus:1 dev:62 Frequency:135 135 135 135
> ZTEX 23 bus:1 dev:72 Frequency:135 135 135 135
> ZTEX 24 bus:1 dev:67 Frequency:135 135 135 135
> ZTEX 25 bus:1 dev:61 Frequency:135 135 135 135
> Using default input encoding: UTF-8
> Loaded 7 password hashes with 7 different salts (sha512crypt-ztex, crypt(3)
> $6$ [sha512crypt ZTEX])
> Remaining 6 password hashes with 6 different salts
> Cost 1 (iteration count) is 5000 for all loaded hashes
> Note: This format may be a lot faster with --mask acceleration (see
> doc/MASK).
> Warning: Slow communication channel to the device. Increase mask or expect
> performance degradation.
> Press 'q' or Ctrl-C to abort, almost any other key for status
> Warning: Only 8 candidates left, minimum 524288 needed for performance.
> 4FB23GC          (4FB23GC)
> 17366HG          (17366HG)
> 3ED0AF0          (3ED0AF0)
> 8G01A64          (8G01A64)
> 2JCGD1A          (2JCGD1A)
> 29JI98B          (29JI98B)
> 6g 0:00:00:00 DONE (2019-04-14 14:48) 26.08g/s 34.78p/s 208.6c/s 208.6C/s
> 29JI98B..29JI98B
> Use the "--show" option to display all of the cracked passwords reliably
> Session completed

This doesn't include the 0CB6G88 crack, confirming my guess above.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.