PBKDF2-HMAC-* not recognized

noraj / haiti

:key: Hash type identifier (CLI & lib)

https://noraj.github.io/haiti/

MIT License

743 stars 55 forks source link

PBKDF2-HMAC-* not recognized #160

Closed lap1nou closed 9 months ago

lap1nou commented 9 months ago

Hello,

Thank you for this amazing tool.

I think hash of type PBKDF2-HMAC-* is not recognized, for example the hash mode 11900 of hashcat:

haiti -e 'md5:1000:MTg1MzA=:Lz84VOcrXd699Edsj34PP98+f4f3S0rTZ4kHAIHoAjs='

# Unknown hash type

[x] PBKDF2-HMAC-MD5 (11900)
[x] PBKDF2-HMAC-SHA1 (12000)
[x] PBKDF2-HMAC-SHA256 (10900)
[x] PBKDF2-HMAC-SHA512 (12100)

Regards.

github-actions[bot] commented 9 months ago

Hey, thank you for opening this issue! 🙂 To boost priority on this issue and support open source please tip the team at https://issuehunt.io/r/noraj/haiti/issues/160

noraj commented 9 months ago

Where those hash are coming from? Which software and version? The format don't seem common.

Not supported yet:

[x] PBKDF2-HMAC-MD5 (HC 11900)
[x] PBKDF2-HMAC-SHA1 (HC 20400)
[x] PBKDF2-HMAC-SHA512 (HC 12100)

Supported:

[x] PBKDF2-HMAC-SHA1 (JtR pbkdf2-hmac-sha1)
[x] PBKDF2-HMAC-SHA256 (JtR pbkdf2-hmac-sha256 + django, vbox, cisco, etc.)
[x] PBKDF2-HMAC-SHA256 (HC 10900 (PHP))
[x] PBKDF2-HMAC-SHA512 (HC 7100 (OSX) JtR pbkdf2-hmac-sha512)

lap1nou commented 9 months ago

Hey @noraj,

I saw one of them being used by this: https://werkzeug.palletsprojects.com/en/3.0.x/utils/#module-werkzeug.security.

noraj commented 9 months ago

Ok I'll check if it's python hashlib format or if it's werkzeug that is formating them this way.

noraj commented 9 months ago

hashlib by itself format classical format either in hex or raw binary

>>> import hashlib
>>> hashlib.pbkdf2_hmac('md5', b'password', b'bad salt' * 2, 500_000).hex()
'07fbc83dbfa2c08236c1fb59a56e58ef'

werkzeug use this format

>>> import werkzeug
>>> werkzeug.security.generate_password_hash('password', method='pbkdf2:md5', salt_length=16)
'pbkdf2:md5:600000$KeQ0sF2wqnb9UI5Z$9cc66c4bde295ec5d5ed1417cd36aa1b'

So could you tell me more about where does this hash come from? Because the format doesn't match.

noraj commented 9 months ago

I added a lot of new formats and enhanced existing ones related to PBKDF2 in this branch: https://github.com/noraj/haiti/compare/noraj/pbkdf2?expand=1

There is still some work:

fix
- [x] PBKDF2-SHA512(Generic) / HC 20200
- [x] Telegram Desktop >= v2.1.14 (PBKDF2-HMAC-SHA512) / HC 24500
add
- [x] Web2py pbkdf2-sha512 / HC 21600
- [x] Telegram Desktop < v2.1.14 (PBKDF2-HMAC-SHA1) / HC 22600
- [x] VMware VMX (PBKDF2-HMAC-SHA1 + AES-256-CBC) / HC 27400
- [x] ENCsecurity Datavault (PBKDF2) / HC 29910 / 29920
- [x] werkzeug format
verify
- [x] HC 20300
- [x] HC 20400
- [x] Telegram Mobile App Passcode (SHA256) / HC 22301 (not related to PBKDF2)
- [x] telegram JtR

lap1nou commented 9 months ago

@noraj Thank you really much, sorry I couldn't help you I had a lot of work this week, hope I can contribute someday.

Regards.

noraj commented 9 months ago

@lap1nou Do you want me to assign you #162?

lap1nou commented 9 months ago

@noraj I can try to propose some changes yup.

noraj commented 9 months ago

About PBKDF2?

lap1nou commented 9 months ago

About https://github.com/noraj/haiti/issues/162.

noraj commented 9 months ago

Yeah please do. Make a comment on it so I can assign it to you.

noraj commented 9 months ago

@lap1nou I would like to release 2.0.0 this weekend, ~~so I'll manage #162 myself as I see on your fork that you don't have a WPA branch yet. So please don't start to work on it.~~ If you want to add some new types, please look at uncommon hash types on https://hashcat.net/wiki/doku.php?id=example_hashes and check if they exist in prototypes.json. Thanks for wanting to help ;)

Update: I tagged #162 for 2.0.1 milestone so please feel free to work on it.