Discussion:
[john-users] Support for cracking hash collisions
Matt Weir
2018-03-28 22:00:06 UTC
In JtR is there a cracking option that will allow cracking sessions to
continue even after it finds a valid match, with all valid plaintexts being
saved to the POT file? An existing hash format where this would be useful
would be Mysql323, which suffers from having lots of collisions. I’ll admit
my question stems from the pwned password api lookup where it may be
possible to obtain the first five characters of the sha1 hash of a
password. I’d be curious if it would be worthwhile to create a dynamic hash
format to generate tailored dictionaries of collisions to use in other
attacks against stronger hashes.

Cheers,
Matt
Royce Williams
2018-03-28 22:30:38 UTC
Post by Matt Weir
In JtR is there a cracking option that will allow cracking sessions to
continue even after it finds a valid match, with all valid plaintexts being
saved to the POT file? An existing hash format where this would be useful
would be Mysql323, which suffers from having lots of collisions. I’ll admit
my question stems from the pwned password api lookup where it may be
possible to obtain the first five characters of the sha1 hash of a
password. I’d be curious if it would be worthwhile to create a dynamic hash
format to generate tailored dictionaries of collisions to use in other
attacks against stronger hashes.
Jumbo has:

$ john --list=hidden-options | grep guess
--keep-guessing try more candidates for cracked hashes (ie. search

Royce
Ian Boyd
2018-03-28 23:07:03 UTC
Anyone have experience cracking a DMG file on Mac?
If so, what is the best Johnny option to use? Been trying to crack for a month now.
Post by Royce Williams
Post by Matt Weir
In JtR is there a cracking option that will allow cracking sessions to
continue even after it finds a valid match, with all valid plaintexts being
saved to the POT file? An existing hash format where this would be useful
would be Mysql323, which suffers from having lots of collisions. I’ll admit
my question stems from the pwned password api lookup where it may be
possible to obtain the first five characters of the sha1 hash of a
password. I’d be curious if it would be worthwhile to create a dynamic hash
format to generate tailored dictionaries of collisions to use in other
attacks against stronger hashes.
$ john --list=hidden-options | grep guess
--keep-guessing try more candidates for cracked hashes (ie. search
Royce
Solar Designer
2018-03-29 06:29:28 UTC
Ian,

Please do not hijack threads like you just did. Please always post to
the proper thread (or start a new one if the topic hadn't been discussed
yet or not recently) and only quote relevant context.

I will briefly reply this one time, but for anything further please use
the existing "dmg file with lost password" thread (which means: "reply"
to a message in that thread):

http://www.openwall.com/lists/john-users/2018/03/27/1
Post by Ian Boyd
Anyone have experience cracking a DMG file on Mac?
I do. It's sometimes successful (when the password is weak, or when the
person recalls enough info about the password and we focus the attack),
but usually not.
Post by Ian Boyd
If so, what is the best Johnny option to use? Been trying to crack for a month now.
I don't use Johnny, but in general you need to provide options and/or
config file edits to JtR to focus the attack based on whatever info
about the password you can recall. It also helps to run the attack on a
fast machine with discrete GPUs (and enable their use with command-line
options to JtR).

For more detail, please use the proper thread, and if you don't mind
making this public you may describe what you can recall about the
password in there and then someone might help estimate your chances
and/or suggest specific JtR settings.

Alexander
