====
Todo
====

Internal Changes
----------------
* C extensions to speed up some implementations
* py3k support

Other Hash Formats
------------------
* FSHP (a pbkdf1 variant)
  https://github.com/bdd/fshp
* rfc2307 format hashes
  http://tools.ietf.org/html/rfc2307
* Mac OSX hash formats
* SCrypt
  http://www.tarsnap.com/scrypt.html
  https://bitbucket.org/mhallin/py-scrypt/src

Notes on various hash formats
=============================

LDAP
----
still trying to verify if {CRYPT} can contain other formats besides des-crypt
(e.g. md5-crypt etc). see some references to {CRYPT}$1$

this page http://www.ldapexplorer.com/en/manual/107070207-editor-password.htm
has a longer list than some, but no sample hashes, so can't verify formats.

that page also implies some systems support variable length salts for SSHA etc.
the current implementation is locked at 4 bytes.

Cisco PIX
---------
sample hashes found - http://www.freerainbowtables.com/phpBB3/viewtopic.php?f=2&t=1441

    8Ry2YjIyt7RRXU24 ''
    2KFQnbNIdI.2KYOU 'cisco'
    hN7LzeyYjw12FSIU 'john'/'cisco'
    7DrfeZ7cyOj/PslD 'jack'/'cisco'

alg

    secret+user
    truncate/pad-right-null to 16 bytes
    md5().digest()
    h64 encode

todo: get some samples w/ passwords longer than 16 chars to verify
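
Added example (not part of the original notes or the project's code): a Python check of the algorithm sketched above against the four sample hashes. It assumes one step the notes do not state, namely that every 4th byte of the MD5 digest is dropped before little-endian h64 encoding (12 bytes give the 16 characters seen in the samples); h64_encode, pix_hash and pix_verify are names chosen here.

```python
import hashlib
import hmac

# hash64 alphabet used by the crypt() family of hashes
H64_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# (user, password, hash) rows copied from the sample list in these notes
SAMPLES = [
    ("", "", "8Ry2YjIyt7RRXU24"),
    ("", "cisco", "2KFQnbNIdI.2KYOU"),
    ("john", "cisco", "hN7LzeyYjw12FSIU"),
    ("jack", "cisco", "7DrfeZ7cyOj/PslD"),
]


def h64_encode(data: bytes) -> str:
    """Little-endian hash64: each 3 input bytes become 4 output chars."""
    if len(data) % 3:
        raise ValueError("input length must be a multiple of 3")
    out = []
    for i in range(0, len(data), 3):
        v = data[i] | data[i + 1] << 8 | data[i + 2] << 16
        for _ in range(4):
            out.append(H64_CHARS[v & 0x3F])
            v >>= 6
    return "".join(out)


def pix_hash(secret: str, user: str = "") -> str:
    # secret+user, truncated / right-padded with NULs to 16 bytes (per the notes)
    buf = (secret + user).encode("utf-8")[:16].ljust(16, b"\x00")
    digest = hashlib.md5(buf).digest()
    # Assumption (not in the notes): drop every 4th digest byte, leaving 12
    kept = bytes(b for i, b in enumerate(digest) if i % 4 != 3)
    return h64_encode(kept)


def pix_verify(secret: str, stored: str, user: str = "") -> bool:
    # constant-time comparison of the computed and stored hash strings
    return hmac.compare_digest(pix_hash(secret, user), stored)


if __name__ == "__main__":
    for user, secret, stored in SAMPLES:
        print(stored, pix_verify(secret, stored, user))
```

Passwords longer than 16 bytes are simply truncated here, which is the case the todo above still wants samples for.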

Mac OSX
-------
Summary of info from http://www.dribin.org/dave/blog/archives/2006/04/28/os_x_passwords_2/

osx < 10.2 used /etc/passwd w/ DES-CRYPT

osx 10.3 hash file (passwd "macintosh")

    D47F3AF827A48F7DFA4F2C1F12D68CD6 <-- nthash
    08460EB13C5CA0C4CA9516712F7FED95 <-- lmhash
    01424f955c11f92efef0b79d7fa3fb6be56a9f99 <-- sha1

osx 10.4 hash file (passwd "macintosh")

00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
000000000E6A48F765D0FFFFF6247FA80D748E615F91DD0C7431E4D9000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000000000000000\
0000000000000000000000000000000000000000

offset 0-64 - nt hash + lm hash OR all zeros
offset 64 - 40 chars - raw sha1 password OR all zeros (if upgraded from 10.3)
offset 169-216 (48 chars) - salted sha1 hash - unhex first 8 chars + password | sha1 -> hexdigest