TransWikia.com

John The Ripper and PBKDF2-HMAC-SHA1

Information Security Asked by Canine on December 22, 2020

I am trying to hash a list of passwords with PBKDF2-HMAC-SHA1 and then crack them using John. However, John does not recognise the hashes and I get a No Hashes Found error. It works with SHA256, but I need PBKDF2-HMAC-SHA1. I have looked everywhere and have exhausted all my options. What is the correct format of PBKDF2-HMAC-SHA1 that is recognised by John and will let me crack it? Thanks in advance!

One Answer

It's definitely supported, and definitely one of these format names (one for CPU, and the other for GPU):

$ john --list=formats | tr ',' 'n' | grep PBKDF2 | grep SHA1
 PBKDF2-HMAC-SHA1
PBKDF2-HMAC-SHA1-opencl

At this point, it sounds more likely that your method of generating PBKDF2-HMAC-SHA1 is the issue here. Have you tried your attack against a "known good" hash? One that's easy to grab and almost certain to work is the example that ships with John itself:

$ john --list=format-details --format=PBKDF2-HMAC-SHA1
PBKDF2-HMAC-SHA1    125 16  128 01020003    22  PBKDF2-SHA1 128/128 AVX 4x  0x107   20  192 iteration count 0   $pbkdf2-hmac-sha1$1000.fd11cde0.27de197171e6d49fc5f55c9ef06c0d8751cd7250

... which should be crackable by dropping it into a file and running john against it:

$ cat test.hash
$pbkdf2-hmac-sha1$1000.fd11cde0.27de197171e6d49fc5f55c9ef06c0d8751cd7250

$ cat wordlist.txt 
3956

$ john --format=PBKDF2-HMAC-SHA1 --wordlist=wordlist.txt test.hash
-rwxr-xr-x 1 royce royce 24690360 Jun 16 14:50 /usr/local/src/sec/crack/john-latest/run/john
Using default input encoding: UTF-8
Loaded 1 password hash (PBKDF2-HMAC-SHA1 [PBKDF2-SHA1 128/128 AVX 4x])
Cost 1 (iteration count) is 1000 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 1 candidate left, minimum 16 needed for performance.
3956             (?)
1g 0:00:00:00 DONE (2020-07-25 05:40) 4.347g/s 4.347p/s 4.347c/s 4.347C/s 3956
Use the "--show --format=PBKDF2-HMAC-SHA1" options to display all of the cracked passwords reliably
Session completed. 

One common error is that, if you're trying to crack the hash on the command line directly and not attacking hashes within a file, depending on your operating system and shell, the '$' has special meaning to the shell (variable substitution) and results in the hash being mangled. Putting the hashes in a file, or putting appropriate quotes around the hash, or escaping the dollar signs (usually with a backslash), will address this issue.

If that's not it, then it's most likely that there's something wrong with how your hashes are being generated.

Correct answer by Royce Williams on December 22, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP