Message-ID: <c4e7ca9da03905b63fb52b663d125e17@smtp.hushmail.com>
Date: Mon, 9 Sep 2019 08:09:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: SHA256(XOR(salt+pass, key))

On 2019-09-07 15:05, Marcin Gębarowski wrote:
> Looking for help with using john to crack the hashes I got, the
> application creates them as follows:
>
> SHA256(XOR(salt + pass, key))
>
>
> Salt and key are both 32 bytes long. I have the key. Hashes are stored
> in format:
> base64(salt + hash)
> but I can easily change that to anything else.
>
>
> The main problem I'm having is the XOR function, which I was unable to
> find in dynamic scripts library. Having something like:
> sha256(xor($s.$p, $key))
> as dynamic script would definitely solve this...

So is key like a 2nd (fixed) salt (pepper)? What application is that?

I'm sure Jim could add XOR to dynamic compiler format with ease. Can you
post a sample or two with known pass and key that we can use as test
vectors?

There's a minor optimization possible - we could save state of SHA256
after the first 8 rounds with a given salt, and reuse that for as many
password candidates as we like.

magnum
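The saved-state optimization mentioned in the message above, as an added example that is not part of the original post or of John the Ripper: a pure-Python SHA-256 that runs rounds 0..7 once per salt and only rounds 8..63 per candidate, checked against hashlib. It assumes the 32-byte key repeats cyclically over salt + pass and that passwords are at most 23 bytes (one SHA-256 block); the key, salt and all function names are constructed for illustration.

```python
import base64, hashlib, math, struct

M = 0xFFFFFFFF
P = [p for p in range(2, 312) if all(p % d for d in range(2, p))]  # first 64 primes

def _icbrt(n):  # exact integer cube root, used to derive the round constants
    lo, hi = 0, 1 << 40
    while lo < hi:
        mid = (lo + hi + 1) >> 1
        lo, hi = (mid, hi) if mid ** 3 <= n else (lo, mid - 1)
    return lo

K = [_icbrt(p << 96) & M for p in P]           # SHA-256 round constants
H0 = [math.isqrt(p << 64) & M for p in P[:8]]  # SHA-256 initial state

def _r(x, n):  # 32-bit rotate right
    return ((x >> n) | (x << (32 - n))) & M

def xor(data, key):  # ASSUMPTION: key repeats cyclically over salt + pass
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def rounds(state, w, start, stop):  # compression rounds start..stop-1
    a, b, c, d, e, f, g, h = state
    for t in range(start, stop):
        t1 = (h + (_r(e, 6) ^ _r(e, 11) ^ _r(e, 25)) + ((e & f) ^ (~e & g)) + K[t] + w[t]) & M
        t2 = ((_r(a, 2) ^ _r(a, 13) ^ _r(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M
        a, b, c, d, e, f, g, h = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
    return a, b, c, d, e, f, g, h

def midstate(salt, key):  # rounds 0..7 consume only W0..W7 = salt XOR key
    return rounds(H0, struct.unpack(">8I", xor(salt, key)), 0, 8)

def finish(mid, salt, pw, key):  # rounds 8..63 for one candidate (len(pw) <= 23)
    m = xor(salt + pw, key)
    block = m + b"\x80" + b"\x00" * (55 - len(m)) + struct.pack(">Q", 8 * len(m))
    w = list(struct.unpack(">16I", block))
    for t in range(16, 64):  # message schedule needs the whole block
        s0 = _r(w[t - 15], 7) ^ _r(w[t - 15], 18) ^ (w[t - 15] >> 3)
        s1 = _r(w[t - 2], 17) ^ _r(w[t - 2], 19) ^ (w[t - 2] >> 10)
        w.append((w[t - 16] + s0 + w[t - 7] + s1) & M)
    st = rounds(mid, w, 8, 64)
    return struct.pack(">8I", *((x + y) & M for x, y in zip(H0, st)))

def reference(salt, pw, key):  # the scheme from the post, via hashlib
    return hashlib.sha256(xor(salt + pw, key)).digest()
def record(salt, pw, key):  # stored format from the post: base64(salt + hash)
    return base64.b64encode(salt + reference(salt, pw, key)).decode()

KEY, SALT = bytes(range(32)), hashlib.sha256(b"constructed salt").digest()  # constructed
```

`record(SALT, b"password", KEY)` produces a test vector in the base64(salt + hash) layout for a known pass and key, under the XOR assumption stated above.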