```
# postgres:(usr) Loaded 15 password hashes with 3 different salts (postgres, PostgreSQL C/R )
# postgres: Loaded 15 password hashes with 3 different salts (postgres, PostgreSQL C/R )
# mysqlna: Loaded 15 password hashes with 3 different salts (mysqlna, MySQL Network Authentication )
# cisco9 scrypt: Loaded 15 password hashes with 3 different salts (scrypt )
# mongodb: Loaded 15 password hashes with 3 different salts (MongoDB, system / network )
# odf-1: Loaded 15 password hashes with 3 different salts (ODF )
# odf: Loaded 15 password hashes with 3 different salts (ODF )
# lastpass: Loaded 15 password hashes with 3 different salts (LastPass, sniffed sessions )
# lp: Loaded 15 password hashes with 3 different salts (lp, LastPass offline )
# krb5-18: Loaded 15 password hashes with 3 different salts (krb5-18, Kerberos 5 db etype 18 aes256-cts-hmac-sha1-96 )
# mscash: Loaded 15 password hashes with 3 different salts (mscash, MS Cache Hash (DCC) )
# dragonfly3-64: Loaded 15 password hashes with 3 different salts (dragonfly3-64, DragonFly BSD $3$ w/ bug, 64-bit )
# dragonfly4-64: Loaded 15 password hashes with 3 different salts (dragonfly4-64, DragonFly BSD $4$ w/ bugs, 64-bit )
# dragonfly4-32: Loaded 15 password hashes with 3 different salts (dragonfly4-32, DragonFly BSD $4$ w/ bugs, 32-bit )
# dragonfly3-32: Loaded 15 password hashes with 3 different salts (dragonfly3-32, DragonFly BSD $3$ w/ bug, 32-bit )
# cisco8: Loaded 15 password hashes with 3 different salts (PBKDF2-HMAC-SHA256 )
# bcryptx: Loaded 15 password hashes with 3 different salts (bcrypt )
# bcrypt: Loaded 15 password hashes with 3 different salts (bcrypt )
# bsdicrypt: Loaded 15 password hashes with 3 different salts (bsdicrypt, BSDI crypt(3) )
# descrypt: Loaded 15 password hashes with 3 different salts (descrypt, traditional crypt(3) )
run/john -form=$1 -w=rnd.dic tst.in -max-run-time=1 2> /dev/null | grep Loaded
run/john -form=$2 -w=rnd.dic tst.in -max-run-time=1 2> /dev/null | grep Loaded
```

Else.
```
# off20 may NOT be able to be salt dupe removed.
# cisco9: Loaded 15 password hashes with 15 different salts (scrypt )
# bigcrypt: Loaded 30 password hashes with 18 different salts (descrypt, traditional crypt(3) )
# md5crypt: Loaded 15 password hashes with 15 different salts (md5crypt, crypt(3) $1$ )
```

On the run I was working on for the TS, I should have had 1500 hashes with 10 salts (150 passwords for each salt). It is found by having multiple inputs that 'should' have the same salt, BUT the format does not see them. It sucks, because things work, so auto type testing appears to not spot it. We need to look at other cracked method formats, and make sure that they are NOT hiding this type of latent bug.

If it was binary, we could remove that encr user name from the salt array, and then properly only have the salt (which is the user name in clear text). This should be a normal 'binary' type, and not a cracked array type. The salt contains the encrypted_user name. This one does not show up in the salt find logic.

Most need encryption or some other thing done, that keeps salts random. I believe that all of these can not do dupe salt removal. This is ALL of them, with exception of dynamic, which should properly reduce salts. This is a complete set, from pass_gen.pl as it stands.

keychain Loaded 15 password hashes with 15 different salts (keychain, Mac OS X Keychain ) (I think no salt dupes.
rar: Loaded 15 password hashes with 15 different salts (rar, RAR3 ).

Pretty sure rar was 'right', and is not removing dupes.

tc_whirlpool: Loaded 15 password hashes with 15 different salts (tc_whirlpool, TrueCrypt WHIRLPOOL AES256_XTS ).

tc_sha512: Loaded 15 password hashes with 15 different salts (tc_sha512, TrueCrypt SHA512 AES256_XTS ).

tc_ripemd160: Loaded 15 password hashes with 15 different salts (tc_ripemd160, TrueCrypt RIPEMD160 AES256_XTS ).

o5logon: Loaded 15 password hashes with 15 different salts (o5logon, Oracle O5LOGON protocol ).

I will put them all here, with checkboxes, when I find them (using the tester script in one of the lower posts). But others have busted salt dupe remove logic. It MAY be that some of these simply do not have dupe salts (many encryption based quasi-hashes will not). It is a list of hashes that salt dupe is not working.
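An added example, not part of the original post and not the tester script it mentions: a small Python triage of the `Loaded ... different salts` summary lines listed above. The function names and the expected count of 3 distinct salts (taken from the formats on this page that report 3) are assumptions.

```python
import re

# Summary line printed when a hash file is loaded, optionally prefixed by the
# "# name:" label used in the lists on this page.
LOADED_RE = re.compile(
    r"^(?:#\s*)?(?P<label>.*?):?\s*Loaded (?P<hashes>\d+) password hash(?:es)? "
    r"with (?P<salts>\d+) different salts? \((?P<fmt>[^,)]*)"
)

def parse_loaded(line):
    """Return (name, hashes, salts) or None if the line is not a summary line."""
    m = LOADED_RE.match(line.strip())
    if not m:
        return None
    # Fall back to the format label in parentheses when no prefix is present.
    name = m.group("label").strip() or m.group("fmt").strip()
    return name, int(m.group("hashes")), int(m.group("salts"))

def classify(hashes, salts, expected_salts):
    if salts == expected_salts:
        return "deduped"            # duplicate salts were merged as expected
    if salts == hashes:
        return "one-salt-per-hash"  # salts truly unique, or dedupe not working
    return "partial"                # some merging, but not down to expected

def triage(lines, expected_salts=3):
    """Map each format name to a verdict; non-summary lines are skipped."""
    report = {}
    for line in lines:
        parsed = parse_loaded(line)
        if parsed is not None:
            name, hashes, salts = parsed
            report[name] = classify(hashes, salts, expected_salts)
    return report

# Sample lines copied from the lists on this page.
SAMPLE = [
    "# cisco8: Loaded 15 password hashes with 3 different salts (PBKDF2-HMAC-SHA256 )",
    "# cisco9: Loaded 15 password hashes with 15 different salts (scrypt )",
    "# bigcrypt: Loaded 30 password hashes with 18 different salts (descrypt, traditional crypt(3) )",
    "rar: Loaded 15 password hashes with 15 different salts (rar, RAR3 ).",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:10s} {verdict}")
```

A `one-salt-per-hash` verdict only flags a format for manual review: the count alone cannot distinguish genuinely unique salts from broken duplicate removal.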