Discussion:
XenForo algorithm and dynamic formats
Eddy
2016-04-24 14:36:25 UTC
Hi,

a guy requested on hashcat github an implementation of XenForo
encryption scheme, which follows this:

sha1(hexdigest (sha1(password)) . hexdigest(salt))
sha256(hexdigest (sha256(password)) . hexdigest(salt))

These schemes could easily be implemented using dynamic so I was
wondering if there is any particular will of the team whether to
implement proper formats for this kind of encryption schemes or to only
rely on dynamic formats (thus less performances)

Fist0urs
Aleksey Cherepanov
2016-04-24 14:50:53 UTC
> a guy requested on hashcat github an implementation of XenForo encryption
> sha1(hexdigest (sha1(password)) . hexdigest(salt))
> sha256(hexdigest (sha256(password)) . hexdigest(salt))
> These schemes could easily be implemented using dynamic so I was wondering
They are already implemented:

dynamic_1503 sha256(sha256($p).$s) (XenForo SHA-256)
dynamic_1502 sha1(sha1($p).$s) (XenForo SHA-1)

$ run/john --list=format-details | grep -i xenforo
> if there is any particular will of the team whether to implement proper
> formats for this kind of encryption schemes or to only rely on dynamic
> formats (thus less performances)
In the scheme with sha256, sha256($p) may be lifted from loop over
salts because the result is in hex and is long exactly as input block
for sha256. I guess Jim's current dynamics does not catch such case,
but it may be worth to improve it there instead of new format.

More comments?

Thanks!
--
Regards,
Aleksey Cherepanov
Aleksey Cherepanov
2016-04-24 14:56:54 UTC
Post by Aleksey Cherepanov
> > a guy requested on hashcat github an implementation of XenForo encryption
> > sha1(hexdigest (sha1(password)) . hexdigest(salt))
> > sha256(hexdigest (sha256(password)) . hexdigest(salt))
> > These schemes could easily be implemented using dynamic so I was wondering
> dynamic_1503 sha256(sha256($p).$s) (XenForo SHA-256)
> dynamic_1502 sha1(sha1($p).$s) (XenForo SHA-1)
> $ run/john --list=format-details | grep -i xenforo
> > if there is any particular will of the team whether to implement proper
> > formats for this kind of encryption schemes or to only rely on dynamic
> > formats (thus less performances)
> In the scheme with sha256, sha256($p) may be lifted from loop over
> salts because the result is in hex and is long exactly as input block
> for sha256. I guess Jim's current dynamics does not catch such case,
> but it may be worth to improve it there instead of new format.
Oh, I replied too quickly: both sha256($p) and sha1($p) may be lifted
and it looks like dynamics handle it:

$ john '--format=dynamic=sha1(sha1($p).$s)' --test=5
Benchmarking: dynamic=sha1(sha1($p).$s) [128/128 SSE4.1 4x1]... DONE
Many salts: 7520K c/s real, 7520K c/s virtual
Only one salt: 2767K c/s real, 2767K c/s virtual

$ john '--format=dynamic=sha1($p.$s)' --test=5
Benchmarking: dynamic=sha1($p.$s) [128/128 SSE4.1 4x1]... DONE
Many salts: 5111K c/s real, 5122K c/s virtual
Only one salt: 4600K c/s real, 4600K c/s virtual

But with sha256($p), it is possible to lift the first limb of outer
sha256.
Post by Aleksey Cherepanov
> More comments?
> Thanks!
--
Regards,
Aleksey Cherepanov
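
The lifting discussed in the thread, as an added example that is not code from the thread or from John the Ripper: it computes sha256(sha256($p).$s) directly and with the per-candidate work hoisted out of the salt loop, then uses the hoisted form for a small password audit. The function names, user names, salts and passwords are constructed for illustration, and the salt is assumed to be appended as stored bytes, as in the dynamic_1503 expression.

```python
import hashlib

def xenforo_sha256(password: bytes, salt: bytes) -> str:
    """Direct form of dynamic_1503: sha256(hex(sha256($p)) . $s)."""
    inner_hex = hashlib.sha256(password).hexdigest().encode("ascii")
    return hashlib.sha256(inner_hex + salt).hexdigest()

def xenforo_sha256_many_salts(password: bytes, salts):
    """Same digests, with everything that depends only on $p computed once."""
    inner_hex = hashlib.sha256(password).hexdigest().encode("ascii")
    # The hex digest is 64 bytes, exactly one SHA-256 input block, so the
    # first block of the outer hash depends only on the password.
    # (For SHA-1 the hex digest is 40 bytes, so only the inner hash lifts.)
    assert len(inner_hex) == hashlib.sha256().block_size == 64
    prefix = hashlib.sha256(inner_hex)   # outer hash after its first block
    digests = []
    for salt in salts:
        h = prefix.copy()                # reuse the state, no rehash of the prefix
        h.update(salt)
        digests.append(h.hexdigest())
    return digests

def audit(candidates, records):
    """Return {user: password} for stored (salt, hash) records a candidate matches."""
    salts = sorted({salt for salt, _ in records.values()})
    found = {}
    for cand in candidates:
        by_salt = dict(zip(salts, xenforo_sha256_many_salts(cand, salts)))
        for user, (salt, stored) in records.items():
            if by_salt[salt] == stored:
                found[user] = cand.decode()
    return found

# Constructed sample records (not real data): user -> (salt, stored hash).
SAMPLE_RECORDS = {
    "alice": (b"saltA", xenforo_sha256(b"letmein", b"saltA")),
    "bob": (b"saltB", xenforo_sha256(b"correct horse battery staple", b"saltB")),
}

if __name__ == "__main__":
    print(audit([b"123456", b"letmein"], SAMPLE_RECORDS))
```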