Netscape Directory (LDAP) Server SHA password support for John the Ripper 1.6
This patch adds the functionality necessary for John
the Ripper password cracker to tackle passwords hashed using the SHA1 algorithm. SHA1
in itself is a pretty fast message digest algorithm; Netscape's implementation only uses
one hash operation and a base64 conversion, so bruteforcing is definately possible.
This code has been updated to support salted (SSHA) passwords as well.
A sample test run:
Benchmarking: Netscape LDAP SSHA [SHA1]... DONE
Raw: 1000598 c/s real, 1004616 c/s virtual
Benchmarking: Netscape LDAP SHA [SHA1]... DONE
Raw: 1288355 c/s real, 1296131 c/s virtual
Benchmarking: Standard DES [48/64 4K]... DONE
Many salts: 221388 c/s real, 222277 c/s virtual
Only one salt: 207436 c/s real, 208269 c/s virtual
Benchmarking: BSDI DES (x725) [48/64 4K]... DONE
Many salts: 7491 c/s real, 7506 c/s virtual
Only one salt: 7454 c/s real, 7484 c/s virtual
Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 3782 c/s real, 3790 c/s virtual
Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw: 226 c/s real, 227 c/s virtual
Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
Short: 198400 c/s real, 198400 c/s virtual
Long: 462028 c/s real, 465754 c/s virtual
Benchmarking: NT LM DES [48/64 4K]... DONE
Raw: 1578252 c/s real, 1584591 c/s virtual
Limitations/Bugs:
- It is not optimized; The SHA1 message digest code is straight from OpenSSL, and a full
message digest is computed for every attempt. It doesn't seem to be worth optimizing
since {SHA} completes very quickly.
Download
john-1.6-nsldaps4.diff
Miscellaneous
- Documentation on the password hashing technique is
here
- A ulitity to dump passwords from LDAP in BSD /etc/passwd for John to munch:
sha-dump.pl
Needs perl and
Net::LDAP.
- A ulitity to generate sample {SHA} passwords from a dictionary file:
sha-test.pl
- A quick hack to produce a BSD-style password file from an LDIF file:
ldif2pw.pl
Any bugs, inaccuracies, blame me.
Back
$Id: index.html,v 1.6 2004/10/22 01:40:42 kos Exp $