SHA256 bug when salt is really big?
#1
*** I HOPE I AM NOT BREAKING THE 'NO-POSTING HASHES RULE' BY THIS THREAD SINCE BOTH HASHES ARE HOME-MADE **



So, I declare beforehand that I might be stupid but I do believe that there is a bug materializing in oclhashcat when a SHA256 hash is derived from a password with a really big salt. Please note that hashcat DOES NOT suffer from the same problem; it works fine and manages to find the passwords in both cases in the following examples.

In my opinion the bug is due to some kind of overflow of an internal buffer. No error is output; oclhashcat simply fails to find the password.

The bug occurs in cases where the SALT is big (regarding the length).

Here are 2 examples so you see what I mean:



Example 1 (SUCCESS):
~~~~~~~~~~~~~~~~~
SALT : [@36 Dirty,men!#]
SALT AS HEX: 5B4033362044697274792C6D656E21235D

For password= 1234567 -> password+SALT= 1234567[@36 Dirty,men!#]
SHA256= 50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047

For password= 1111111 -> password+SALT= 1111111[@36 Dirty,men!#]
SHA256= eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96


1) Put in hash file ONLY the 1st hash:
-----------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1234567" found!


2) Delete from hash file the previous hash and put in the 2nd hash:
-----------------------------------------------------------
1111111:eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96:5B4033362044697274792C6D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1111111" found!


3) Now put BOTH hashes in the hash file:
-------------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D
1111111:eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96:5B4033362044697274792C6D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: SUCCESS, BOTH PASSWORDS FOUND AS EXPECTED

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Example 2 (FAILURE):
~~~~~~~~~~~~~~~~~
SALT : [@36 Dirty, Ugly and Filthy old men!#]
SALT AS HEX: 5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

For password= 1234567 -> password+SALT= 1234567[@36 Dirty, Ugly and Filthy old men!#]
SHA256= 756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4

For password= 1111111 -> password+SALT= 1111111[@36 Dirty, Ugly and Filthy old men!#]
SHA256= 043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc


1) Put in hash file ONLY the 1st hash:
-----------------------------------
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1234567" found!


2) Delete from hash file the previous hash and put in the 2nd hash:
-----------------------------------------------------------
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1111111" found!


3) Now put BOTH hashes in the hash file:
-------------------------------------
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: ** FAILURE !! ** None of the 2 found!!



4) Let's try a mix. Put in hash file one of the 2 hashes from example #1 (which has a smaller salt) and a hash from example #2 (larger salt):
---------------------------------------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: ** Semi-FAILURE !! ** Only the one with the smaller salt is found!


I hope you understand what I mean...



PS: while editing the above I realized that whenever I mention the big salt
"5B40333362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D" it ends up somehow visually split, ie:

"5B40333​
62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D"

and there is no way to make it appear as a whole entity. No clue there....


Messages In This Thread
SHA256 bug when salt is really big? - by john2014 - 02-13-2014, 08:27 PM
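
A way to check the test vectors independently of either tool, as an added example that is not part of the original post: it recomputes sha256(password+salt) for each `password:hash:hexsalt` line, reports the salt and message lengths, and rejects lines where two records share one line or the hex salt contains stray characters (such as an invisible break picked up when copying from the forum). The function names are hypothetical; the sample lines are the ones from step 4 of Example 2.

```python
import hashlib
import string

# Input copied from step 4 of Example 2 in the post (plain:hash:hexsalt);
# the first field holds the known plaintext. Function names are hypothetical.
SAMPLE = """\
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D
"""

HEX = set(string.hexdigits)


def check_line(line):
    """Re-derive sha256($pass.$salt) for one 'plain:hash:hexsalt' line.

    Returns the salt length, the total message length and whether the
    recomputed digest equals the stored one. Raises ValueError when the
    line is malformed (wrong field count, salt that is not clean hex).
    """
    fields = line.strip().split(":")
    if len(fields) != 3:
        # Two records run together on one line end up here.
        raise ValueError(f"expected 3 fields, got {len(fields)}")
    plain, digest, hexsalt = fields
    bad = sorted({c for c in hexsalt if c not in HEX})
    if bad or len(hexsalt) % 2:
        # Catches zero-width or whitespace characters inside the salt.
        raise ValueError(f"salt is not clean hex: {bad!r}")
    salt = bytes.fromhex(hexsalt)
    msg = plain.encode() + salt
    return {
        "plain": plain,
        "salt_len": len(salt),
        "msg_len": len(msg),
        "matches": hashlib.sha256(msg).hexdigest() == digest.lower(),
    }


def check_file(text):
    """Check every non-empty line of a hash file given as a string."""
    return [check_line(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for row in check_file(SAMPLE):
        print(row)
```
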