openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/
Other
10.24k stars 2.1k forks source link

Fix / improve EIGRP support #811

Closed kholia closed 9 years ago

frank-dittrich commented 10 years ago

Since you provided no description, I'll ask.

Apparently, eigrp hash algo_type as first field of the salt. Currently, this also_type is not really used, so I assume there's currently just one algo type supported. Do you intend to add support for other algo types? Will the improved valid() reject a hash if the algo type is not supported?

If you add more algo types, and these differ in c/s rate, can you report the algo type as tunable cost?

kholia commented 10 years ago

Yes, yes and yes :)

Currently, the format has problems cracking hashes from different CIsco IOS / IOU versions. To make this format robust, more reversing work is required.

kholia commented 10 years ago

I am travelling soon and will be back around 28th of October.

kholia commented 9 years ago

The format seems to be more robust with the latest changes. Closing this tracking ticket.

magnumripper commented 9 years ago

That would be 82148f4a, 0120253, 2506916e5 and 1a497b8 just for the record.

frank-dittrich commented 9 years ago

Commit 0120253f allowed algo_type 3 (SHA256) in addition to algo_type 2 (MD5) in run/eigrp2john.py. But the message for unknown / unsupported algorithms has not been changed: "[-] Ignoring non-MD5 auth type in packet %s!\n". But --format=eigrp still rejects those algo_type 3 hashes.

IMHO, the user should be warned if some of the valid hashes are rejected because algo_type 3 support has not been implemented.