8

Is it possible to crack a password hashed using SSHA if I know the salt? How can I do it?

Andrei Botalov
user1028
  • Depending on the format, you might have to convert the hash/salt to/from hex/base64 for JtR or Hashcat to work on them. – Marcin Jan 16 '13 at 14:54

3 Answers

10

SSHA, more commonly known as salted SHA1, can be easily cracked with John the Ripper.

rook
  • As far as I know, it is very hard to crack because of the salt. I used to crack MD5, SHA, ... using online decryptors, but there is no online decryptor for SSHA. – user1028 Jul 24 '12 at 17:27
  • 2
    @USER1028 haha, that is a funny one. I don't think you understand why a salt is used. SHA1 is a very fast hash function, this will crack very quickly. – rook Jul 24 '12 at 17:28
  • A salt is something added to the original password, then it is hashed. The salt is used to make it hard to crack, right? – user1028 Jul 24 '12 at 17:31
  • 7
    @user1028 A salt is added for 2 reasons. 1, to prevent two passwords from yielding the same hash. 2, to prevent pre-computed attacks like rainbow tables. You can provide JTR the salt as an argument, so it is exactly the same speed as if it didn't have a salt. – rook Jul 25 '12 at 17:43
  • 2
    If you've got a GPU with OpenCL or CUDA support, you should use [oclHashcat](http://hashcat.net/) - it'll be hundreds of times faster than your CPU. – Polynomial Jul 25 '12 at 07:40
  • 1
    @Polynomial JTR has GPU support. – rook Jul 25 '12 at 17:03
3

SSHA is a variant of SHA-1 with a salt included in the computation. This algorithm is used in some LDAP servers and originally comes from a Netscape internal draft specification. There are apparently several variants; see this page for a description of one used by an Oracle product, and that page for some PHP code which purports to compute the same function. They differ by the size of the salt (64 bits vs 32 bits). However, they have the same structure: a single SHA-1 computation over the concatenation of the password and the salt, and some encoding on the resulting value (some Base64, with the salt, and a recognizable header).

The function is salted; that's good. This is effective against precomputed tables, in particular the much touted rainbow tables.

The function is not iterated; that's bad. For an attacker knowing the hash, "trying" a potential password is a matter of a single SHA-1 computation over a short input (less than the 64 bytes of an elementary internal SHA-1 block size), and that can be computed real fast. A single SHA-1 computation is about one thousand 32-bit operations. A basic x86 core will need 500 clock cycles for that (at most); with SSE2 opcodes, in the context of password cracking, this falls to about 200 clock cycles per SHA-1. Thus, a quad-core Core2 at 2.4 GHz will try 48 million passwords per second (that's what my code achieved, at least). A good GPU will be much better, since GPUs are very good at 32-bit operations; one billion password hashes per second is a realistic figure.

There are not many passwords which resist cracking attempts which can try one billion passwords per second. Even famous methods for generating passwords with 44 bits of entropy will last two or three hours on average.

Thomas Pornin
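The structure described in the answer above, as an added example (not code from the answer or from any LDAP server): it parses an `{SSHA}` value, shows that the salt is stored in the clear and that a check costs one SHA-1 call, and sets an iterated function beside it. The `Base64(digest || salt)` layout, the function names, the sample password and salts, and the PBKDF2 iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size in bytes; whatever follows it is the salt


def make_ssha(password: bytes, salt: bytes) -> str:
    """Encode as header + Base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value: str) -> tuple:
    """Split an {SSHA} value into (digest, salt); works for any salt size."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("missing {SSHA} header")
    raw = base64.b64decode(value[6:], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the 20-byte digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password: bytes, value: str) -> bool:
    """A check is a single SHA-1 call: no iteration, no work factor."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit_ssha(value: str) -> dict:
    """Summarise what a stored value exposes, e.g. for a credential-store audit."""
    _, salt = parse_ssha(value)
    return {"scheme": "SSHA", "salt_bits": len(salt) * 8, "iterations": 1}


def iterated_hash(password: bytes, salt: bytes, iterations: int = 600_000) -> bytes:
    """Iterated alternative (PBKDF2-HMAC-SHA256); the count is an assumed setting."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    stored = make_ssha(b"example-password", b"\x01\x02\x03\x04")
    print(stored, audit_ssha(stored), verify_ssha(b"example-password", stored))
```

`audit_ssha` reports `iterations: 1` for every SSHA value because the format has no cost parameter; raising the per-check cost requires re-hashing into an iterated scheme when the user next logs in.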
1

You could also use Cain and Abel to crack passwords encrypted with that encryption algorithm.