Discussion:
Problems with sha512 on fedora20
Alex Regan
2014-10-08 23:16:01 UTC
Permalink
Hi,

I have a fedora20 box with john-1.8.0-2.fc20.x86_64 installed, and
trying to crack what I think are sha512 passwords:

04082:$6$UWv6MDUq$c2mQjv97TFZOt5VwiFBXXXsgzSx5CKBejQfATwCbOUrPdlIjMVvBM9T81u9I5MwJFIXxGBcE3u/FOUoTw6baDL0:16013::::::

I believe type $6 is SHA512, correct?

When running john without any format options on this shadow file, it
reports:

# john --session=sha shadow-100814-sha
Warning: hash encoding string length 100, type id $6
appears to be unsupported on this system; will not load such hashes.
Loaded 690 password hashes with 690 different salts (crypt, generic
crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status

When trying to specify sha512, as I've discovered from googling, it
appears the format may not be supported?

It also appears it may think several different formats are included in
this shadow file? Every entry in the file includes $6$ to start...

# john --format=raw-sha512 --session=sha shadow-100814-sha
Unknown ciphertext format name requested

Running john without options:

# # john
John the Ripper password cracker, version 1.8.0
Copyright (c) 1996-2013 by Solar Designer
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
...
--format=NAME force hash type NAME:
descrypt/bsdicrypt/md5crypt/
bcrypt/LM/AFS/tripcode/dummy/crypt

Does this mean sha512 isn't supported?

Thanks,
Alex
magnum
2014-10-09 00:49:40 UTC
Permalink
Post by Alex Regan
I believe type $6 is SHA512, correct?
Yes but the hash above is one character too short. The salt (after "$6$"
and up to next "$") can be up to 16 characters, while the hash (rest of
line) must be exactly 86 characters.
Post by Alex Regan
When running john without any format options on this shadow file, it
Warning: hash encoding string length 100, type id $6
appears to be unsupported on this system; will not load such hashes.
Loaded 690 password hashes with 690 different salts (crypt, generic
crypt(3) [?/64])
When trying to specify sha512, as I've discovered from googling, it
appears the format may not be supported?
In non-Jumbo versions of john, it's supported provided john is run on a
host that supports it. In the Jumbo version it's supported regardless
but it's called "sha512crypt" and not just "sha512".
Post by Alex Regan
It also appears it may think several different formats are included in
this shadow file? Every entry in the file includes $6$ to start...
I suppose there are 690 hashes that actually complies as being
sha512crypt, and at least one that doesn't.

magnum
Alex Regan
2014-10-09 01:04:34 UTC
Permalink
Hi,
Post by magnum
Post by Alex Regan
I believe type $6 is SHA512, correct?
Yes but the hash above is one character too short. The salt (after "$6$"
and up to next "$") can be up to 16 characters, while the hash (rest of
line) must be exactly 86 characters.
My apologies; I unsuccessfully tried to obfuscate the password and added
an extra letter.
Post by magnum
Post by Alex Regan
When trying to specify sha512, as I've discovered from googling, it
appears the format may not be supported?
In non-Jumbo versions of john, it's supported provided john is run on a
host that supports it. In the Jumbo version it's supported regardless
but it's called "sha512crypt" and not just "sha512".
What are the requirements for the host to support it? I just tried
sha512crypt and that's not recognized either.

How do I know if I have a jumbo version?

Thanks,
Alex
Post by magnum
Post by Alex Regan
It also appears it may think several different formats are included in
this shadow file? Every entry in the file includes $6$ to start...
I suppose there are 690 hashes that actually complies as being
sha512crypt, and at least one that doesn't.
magnum
Loading...