search

openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/
Other
10.37k stars 2.11k forks source link

Support for MD5(MD5(SHA1(SHA1(MD5($pass))))) #2619

Open mikzaq opened 7 years ago

mikzaq commented 7 years ago

Support for MD5(MD5(SHA1(SHA1(MD5($pass))))).

Is there a way I can crack this type of hash? Is it already implemented?

solardiz commented 7 years ago

Thanks to JimF's work, you can literally put this specification on JtR command line and it just works:

$ ./john --test --format='dynamic=md5(md5(sha1(sha1(md5($p)))))' Benchmarking: dynamic=md5(md5(sha1(sha1(md5($p))))) [128/128 AVX 4x1]... DONE Raw: 2976K c/s real, 2976K c/s virtual

Perhaps we need to document this in some extremely prominent place, as a lot of people don't realize this functionality exists. Can we possibly reuse this issue as that documentation request, and only close it once we do have a sufficiently prominent mention/example of the feature?

kholia commented 7 years ago

I started documenting such dynamic compiler expressions in DYNAMIC_COMPILER_FORMATS.md document, but I suspect that it is neither a prominent nor an obvious place to look at.

kholia commented 7 years ago

@mikzaq Do you happen to know where this hashing scheme is used?