
I'm currently doing some research on a pretty huge list of hashes (approx. 2 million) and thus I'd like to improve my cracking speed. The hash format is 12 rounds of SHA512(password + salt), which could be written like this: sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512($p.$s)))))))))))).

I wrote a dynamic format for use with John the Ripper:

[List.Generic:dynamic_3000]
Expression=dynamic=sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512(sha512($p.$s))))))))))))
#  Flags for this format
Flag=MGF_FLAT_BUFFERS
Flag=MGF_SALTED
Flag=MGF_INPUT_64_BYTE
#  Lengths used in this format
SaltLen=20
MaxInputLenX86=110
MaxInputLen=110
#  The functions in the script
Func=DynamicFunc__clean_input_kwik
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_salt
Func=DynamicFunc__SHA512_crypt_input1_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_overwrite_input2
Func=DynamicFunc__SHA512_crypt_input2_to_output1_FINAL

Doing john --format=dynamic_3000 --test=10 gives this result:

Many salts:     403397 c/s real, 403089 c/s virtual
Only one salt:  392575 c/s real, 392664 c/s virtual

When using my dynamic format with a pretty huge list of passwords (14M) on my 2M list of hashes, John gets to crack ~10K hashes in >10 minutes (using --fork with the maximum number of cores on my machine for 100% CPU usage).

I got to the same point in just < 2 minutes using MDXfind with this:

mdxfind -h SHA512PASSSALT -i 12 -f 2Mhashes.txt -s 2Msalts.txt 14Mpassword.txt

My questions are:

  • Is there any way to improve my cracking speed using John? Maybe some other flags could be used? I'd like to stick with John for convenience (sessions etc).
  • Is there any way to improve speed via GPU? There seems to be no support for my specific use case with John (although there is raw-SHA512-opencl format). And I don't have the skillset required to write a custom hashcat kernel.

Any help would be greatly appreciated!

Lo Bellin
  • JtR's dynamic formats are, by definition, assembled from components - and not optimized for the target hash types. On CPU, unless someone contributes optimized code to JtR, you're not likely to get faster performance than MDXfind for a given hash type. – Royce Williams Mar 08 '21 at 04:24
