search

openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/
Other
10.1k stars 2.08k forks source link

Support Apache Shiro Argon2 hash encoding #5521

Open solardiz opened 1 month ago

solardiz commented 1 month ago

https://shiro.apache.org/cryptography-features.html uses Argon2id hashes, but encodes them subtly differently. Test vectors from CMIYC 2024 cracks:

$shiro2$argon2id$v=19$t=1,m=65536,p=4$z0RJt6Ddj3RwojqdC7ldPw$GlQ2aON2k6zNEIAVUgxounobxAFbpPXh8dQkPFUvexM
$shiro2$argon2id$v=19$t=1,m=65536,p=4$2IbMDqCmh/5RI5sVZzMdUw$fwqL7fb+UY2MDL2r4QXGGExJwK05yxolYjnY1xlFje0

were after a sed crackable by our argon2-opencl like this:

$argon2id$v=19$m=65536,t=1,p=4$z0RJt6Ddj3RwojqdC7ldPw$GlQ2aON2k6zNEIAVUgxounobxAFbpPXh8dQkPFUvexM:Aditya@2011
$argon2id$v=19$m=65536,t=1,p=4$2IbMDqCmh/5RI5sVZzMdUw$fwqL7fb+UY2MDL2r4QXGGExJwK05yxolYjnY1xlFje0:Aarush@01

We could want to add a split() or prepare() to remove the $shiro2 and put m and t in the canonical order. Alternatively, for the latter we could patch upstream Argon2 code not to insist on the order, but then there would be more than one representation of the same hash in john.pot, which is undesirable.