Posts: 347
Threads: 3
Joined: May 2010
Just asking for WBB3 algo support,
It's sha1($salt.sha1($salt.sha1($pass)))
Some examples (hash
alt:pass) :
Code:
e2063f7c629d852302d3020599376016ff340399:0b053db07dc02bc6f6e24e00462f17e3c550afa9:123456
2c56d23b44eb122bb176dfa2a1452afaf89f1143:a710463f75bf4568d398db32a53f9803007388a3:123456
2596b5f8e7cdaf4b15604ad336b810e8e2935b1d:1039145e9e785ddb2ac7ccca89ac1b159b595cc1:12345678
26496a87c1a7dd68f7beceb2fc40b6fc4223a453:db763342e23f8ccdbd9c90d1cc7896d80b7e0a44:12345678
51cdea260fdb7aa4e6e341fd53e13f00ef82fdab:c8b021cb7341b1b4bb736c5b4034d9e11db4cb83:12345678
0b2f294b48b8bb5785f548cd68bb4069403dd15f:a5e2ce90ea53a755e59336dea51d62130c54d921:123456789
7e64deaee5c45b733ddbfa68e25cb30da6fd1ec5:df2dce4151263cc621ff16720bf53fae535b168e:123456789
d945c02cf85738b7db4f4f05edd676283280a513:bf2c7d0c8fb6cb146adf8933e32da012d31b5bbb:123456789
e3e03fe02223c5030e834f81997f614b43441853:d132b22d3f1d942b99cc1f5fbd5cc3eb0824d608:1234567890
1d88f3774c4492547f82ff4235bd423ec5897a65:8eed0cabb10fc4745a4d609d045d85133537806b:1234567890
a410fe56f91eefbd1f63af3f13750d3b4b136d79:525a5ef3c1a5b461341a04af9967ad9d4ecfdd33:37915
da64b355a99eeae6489673c7e34f9c2379b876b2:c85c6379c36701c58c91b6364e8b9de324c75131:50cent
59f68c1b9ad52a27108437562efed76d3f4da610:e7e8132c9d150cd21552030d8fcd4f0d3323de46:77493
Posts: 5,185
Threads: 230
Joined: Apr 2010
sorry, not possible. internal structures of both hashcat and oclHashcat can only work with a maximum password < 55 chars length.
Posts: 347
Threads: 3
Joined: May 2010
06-26-2010, 02:54 PM
(This post was last modified: 06-26-2010, 02:55 PM by Xanadrel.)
(06-26-2010, 02:52 PM)atom Wrote: sorry, not possible. internal structures of both hashcat and oclHashcat can only work with a maximum password < 55 chars length.
Ah ok, anyway, thank you.
(By the way where this 55 comes from ? :p)
Posts: 5,185
Threads: 230
Joined: Apr 2010
64 (password block buffer of sha1/md4/md5) - 8 (pw length) - 1 (0x80 stopbit)
Posts: 347
Threads: 3
Joined: May 2010
Hmm ok good to know
Posts: 39
Threads: 2
Joined: Mar 2012
(06-26-2010, 11:44 AM)Xanadrel Wrote: Just asking for WBB3 algo support,
It's sha1($salt.sha1($salt.sha1($pass)))
Some examples (hashalt:pass) :
Code:
e2063f7c629d852302d3020599376016ff340399:0b053db07dc02bc6f6e24e00462f17e3c550afa9:123456
2c56d23b44eb122bb176dfa2a1452afaf89f1143:a710463f75bf4568d398db32a53f9803007388a3:123456
2596b5f8e7cdaf4b15604ad336b810e8e2935b1d:1039145e9e785ddb2ac7ccca89ac1b159b595cc1:12345678
26496a87c1a7dd68f7beceb2fc40b6fc4223a453:db763342e23f8ccdbd9c90d1cc7896d80b7e0a44:12345678
51cdea260fdb7aa4e6e341fd53e13f00ef82fdab:c8b021cb7341b1b4bb736c5b4034d9e11db4cb83:12345678
0b2f294b48b8bb5785f548cd68bb4069403dd15f:a5e2ce90ea53a755e59336dea51d62130c54d921:123456789
7e64deaee5c45b733ddbfa68e25cb30da6fd1ec5:df2dce4151263cc621ff16720bf53fae535b168e:123456789
d945c02cf85738b7db4f4f05edd676283280a513:bf2c7d0c8fb6cb146adf8933e32da012d31b5bbb:123456789
e3e03fe02223c5030e834f81997f614b43441853:d132b22d3f1d942b99cc1f5fbd5cc3eb0824d608:1234567890
1d88f3774c4492547f82ff4235bd423ec5897a65:8eed0cabb10fc4745a4d609d045d85133537806b:1234567890
a410fe56f91eefbd1f63af3f13750d3b4b136d79:525a5ef3c1a5b461341a04af9967ad9d4ecfdd33:37915
da64b355a99eeae6489673c7e34f9c2379b876b2:c85c6379c36701c58c91b6364e8b9de324c75131:50cent
59f68c1b9ad52a27108437562efed76d3f4da610:e7e8132c9d150cd21552030d8fcd4f0d3323de46:77493
If you are fine with a CPU implementation, ask on john-users (JtR mailing list) for it.
Posts: 39
Threads: 2
Joined: Mar 2012
05-16-2012, 07:00 AM
(This post was last modified: 05-16-2012, 07:23 AM by halfie.)
(06-26-2010, 02:52 PM)atom Wrote: sorry, not possible. internal structures of both hashcat and oclHashcat can only work with a maximum password < 55 chars length.
@atom: and how is WoltLab BB3 scheme exceeding this limit? Both the hash and the salt are 20 bytes in length (they are in hex). The maximum input length at a time is 40 bytes.
(06-26-2010, 11:44 AM)Xanadrel Wrote: Just asking for WBB3 algo support,
It's sha1($salt.sha1($salt.sha1($pass)))
Are you sure about sha1($salt.sha1($salt.sha1($pass)))?
Code:
import hashlib
import binascii
# WBB3 scheme -> sha1($salt.sha1($salt.sha1($pass))
hash = binascii.unhexlify("e2063f7c629d852302d3020599376016ff340399")
salt = binascii.unhexlify("0b053db07dc02bc6f6e24e00462f17e3c550afa9")
password = "123456"
m0 = hashlib.sha1()
m0.update(password)
m1 = hashlib.sha1()
m1.update(salt)
m1.update(m0.digest())
m2 = hashlib.sha1()
m2.update(salt)
m2.update(m1.digest())
print "Output:", binascii.hexlify(m2.digest())
print "Actual", binascii.hexlify(hash)
#Output: fe939061fa0490f3c63c12a4f550f32029d7b83d
#Actual e2063f7c629d852302d3020599376016ff340399
Output: fe939061fa0490f3c63c12a4f550f32029d7b83d
Actual e2063f7c629d852302d3020599376016ff340399
The output doesn't match the actual hash value using the encryption scheme you mentioned.
Posts: 2,301
Threads: 11
Joined: Jul 2010
05-16-2012, 09:23 AM
(This post was last modified: 05-16-2012, 09:35 AM by undeath.)
is that python snippet yours? If yes: who told you to use hexlify/unhexlify?
Code:
import hashlib
import binascii
# WBB3 scheme -> sha1($salt.sha1($salt.sha1($pass))
hash = "e2063f7c629d852302d3020599376016ff340399"
salt = "0b053db07dc02bc6f6e24e00462f17e3c550afa9"
password = "123456"
m0 = hashlib.sha1()
m0.update(password)
m1 = hashlib.sha1()
m1.update(salt)
m1.update(binascii.hexlify(m0.digest()))
m2 = hashlib.sha1()
m2.update(salt)
m2.update(binascii.hexlify(m1.digest()))
print("Output:", binascii.hexlify(m2.digest()))
print("Actual", hash)
>>> print("Output:", binascii.hexlify(m2.digest()))
('Output:', 'e2063f7c629d852302d3020599376016ff340399')
>>> print("Actual", hash)
('Actual', 'e2063f7c629d852302d3020599376016ff340399')
Posts: 5,185
Threads: 230
Joined: Apr 2010
(05-16-2012, 07:00 AM)halfie Wrote: @atom: and how is WoltLab BB3 scheme exceeding this limit? Both the hash and the salt are 20 bytes in length (they are in hex). The maximum input length at a time is 40 bytes.
I did not know that it is using a hex encoded digest nor did I know its using a hex encoded salt string. In this case it would use 40 + 40 = 80 which is greater than 55.
Posts: 39
Threads: 2
Joined: Mar 2012
05-16-2012, 01:04 PM
(This post was last modified: 05-16-2012, 01:06 PM by halfie.)
(05-16-2012, 09:23 AM)undeath Wrote: is that python snippet yours? If yes: who told you to use hexlify/unhexlify?
Code:
import hashlib
import binascii
# WBB3 scheme -> sha1($salt.sha1($salt.sha1($pass))
hash = "e2063f7c629d852302d3020599376016ff340399"
salt = "0b053db07dc02bc6f6e24e00462f17e3c550afa9"
password = "123456"
m0 = hashlib.sha1()
m0.update(password)
m1 = hashlib.sha1()
m1.update(salt)
m1.update(binascii.hexlify(m0.digest()))
m2 = hashlib.sha1()
m2.update(salt)
m2.update(binascii.hexlify(m1.digest()))
print("Output:", binascii.hexlify(m2.digest()))
print("Actual", hash)
>>> print("Output:", binascii.hexlify(m2.digest()))
('Output:', 'e2063f7c629d852302d3020599376016ff340399')
>>> print("Actual", hash)
('Actual', 'e2063f7c629d852302d3020599376016ff340399')
Thanks for fixing it :-). It works now. I wrongly assumed that the given salt was to be un-hexed.
(05-16-2012, 10:14 AM)atom Wrote: (05-16-2012, 07:00 AM)halfie Wrote: @atom: and how is WoltLab BB3 scheme exceeding this limit? Both the hash and the salt are 20 bytes in length (they are in hex). The maximum input length at a time is 40 bytes.
I did not know that it is using a hex encoded digest nor did I know its using a hex encoded salt string. In this case it would use 40 + 40 = 80 which is greater than 55.
You were right. The maximum length is 80. The algorithm operates on hex encoded strings.