search

openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/
Other
10.27k stars 2.1k forks source link

Support Apache Shiro and slapd Argon2 hash encodings #5521

Open solardiz opened 2 months ago

solardiz commented 2 months ago

https://shiro.apache.org/cryptography-features.html uses Argon2id hashes, but encodes them subtly differently. Test vectors from CMIYC 2024 cracks:

$shiro2$argon2id$v=19$t=1,m=65536,p=4$z0RJt6Ddj3RwojqdC7ldPw$GlQ2aON2k6zNEIAVUgxounobxAFbpPXh8dQkPFUvexM
$shiro2$argon2id$v=19$t=1,m=65536,p=4$2IbMDqCmh/5RI5sVZzMdUw$fwqL7fb+UY2MDL2r4QXGGExJwK05yxolYjnY1xlFje0

were after a sed crackable by our argon2-opencl like this:

$argon2id$v=19$m=65536,t=1,p=4$z0RJt6Ddj3RwojqdC7ldPw$GlQ2aON2k6zNEIAVUgxounobxAFbpPXh8dQkPFUvexM:Aditya@2011
$argon2id$v=19$m=65536,t=1,p=4$2IbMDqCmh/5RI5sVZzMdUw$fwqL7fb+UY2MDL2r4QXGGExJwK05yxolYjnY1xlFje0:Aarush@01

We could want to add a split() or prepare() to remove the $shiro2 and put m and t in the canonical order. Alternatively, for the latter we could patch upstream Argon2 code not to insist on the order, but then there would be more than one representation of the same hash in john.pot, which is undesirable.

solardiz commented 2 weeks ago

While at it, we could also want to support the {ARGON2} prefix used by slappw-argon2 - Argon2 password module to slapd: https://man.archlinux.org/man/core/openldap/slappw-argon2.5.en

Both userPassword LDAP attributes below encode the password 'secret' using different salts:

userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng

userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw