Path to this page:
Subject: CVS commit: pkgsrc/security/hashcat
From: Adam Ciarcinski
Date: 2022-09-05 13:13:56
Message id: 20220905111357.08F11FA90@cvs.NetBSD.org
Log Message:
hashcat: updated to 6.2.6
changes v6.2.5 -> v6.2.6
Algorithms
- Added hash-mode: Amazon AWS4-HMAC-SHA256
- Added hash-mode: Bitcoin WIF private key (P2PKH)
- Added hash-mode: Bitcoin WIF private key (P2SH(P2WPKH))
- Added hash-mode: Bitcoin WIF private key (P2WPKH, Bech32)
- Added hash-mode: BLAKE2b-512($pass.$salt)
- Added hash-mode: BLAKE2b-512($salt.$pass)
- Added hash-mode: DPAPI masterkey file v1 (context 3)
- Added hash-mode: DPAPI masterkey file v2 (context 3)
- Added hash-mode: Exodus Desktop Wallet (scrypt)
- Added hash-mode: Flask session cookie
- Added hash-mode: KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode
- Added hash-mode: Kerberos 5, etype 17, DB
- Added hash-mode: Kerberos 5, etype 18, DB
- Added hash-mode: PostgreSQL SCRAM-SHA-256
- Added hash-mode: Radmin3
- Added hash-mode: Teamspeak 3 (channel hash)
- Added hash-mode: Terra Station Wallet (AES256-CBC(PBKDF2($pass)))
- Added hash-mode: bcrypt(sha512($pass)) / bcryptsha512
- Added hash-mode: md5(sha1($pass).$salt)
- Added hash-mode: sha1($salt.sha1(utf16le($username).':'.utf16le($pass)))
- Added hash-mode: sha256($salt.sha256_bin($pass))
Features
- Added new backend support for Metal, the OpenCL replacement API on Apple
- Added support to building universal macOS binary on Apple Silicon
- Added support to use --debug-mode in attack-mode 9 (Association Attack)
- Added hex encoding format for --separator option
- Added password candidates range to --status-json output
- Added parameter to Bitwarden mode for second iteration count
- Added support to use 'John the Ripper' hash format with hash-type 13100
- Added support to use 'John the Ripper' hash format with hash-type 18200
- Added the hash extraction scripts from the tools folder also to beta/release \
versions
- Added user advice if a hash throws 'token length exception'
- Added tunings/ folder in order to replace hashcat.hctune. Configuration files \
with *.hctune suffix are automatically load on startup
Bugs
- Fixed accepted salt length by PKCS#8 Private Keys modules
- Fixed autodetect memory allocation for temporary hashes for LUKS v1 (legacy) \
in --identify mode
- Fixed backend active devices checks
- Fixed building error on Raspberry Pi
- Fixed display problem of incorrect negative values in case of large numbers
- Fixed display problem of the "Optimizers applied" list for \
algorithms using Register-Limit
- Fixed example password output of --hash-info: force uppercase if \
OPTS_TYPE_PT_UPPER is set
- Fixed false negative on hash-type 27800 if using vector width greater than 1 \
and -a 3
- Fixed false negative on hash-types 4510 and 4710 for hashes with long salts
- Fixed false negative on hash-types 8900, 15700, 22700, 27700 and 28200 if \
using the HIP backend
- Fixed false negative on Unit Test in case of out-of-memory with grep in single mode
- Fixed false negative on Unit Test with hash-type 25400
- Fixed functional error when nonce-error-corrections that were set on the \
command line in hash-mode 22000/22001 were not accepted
- Fixed handling of devices in benchmark mode for "kernel build \
error". Instead of canceling, skip the device and move on to the next
- Fixed handling of password candidates that are shorter than the minimum \
password length in Association Attack
- Fixed invalid handling of keyfiles in Keepass if transf_random_seed doesn't change
- Fixed memory leak in CPU rule engine
- Fixed method of how OPTS_TYPE_AUX* kernels are called in an association \
attack, for example in WPA/WPA2 kernel
- Fixed missing option flag OPTS_TYPE_SUGGEST_KG for hash-mode 11600 to inform \
the user about possible false positives in this mode
- Fixed optimized (-O) candidate generation with --stdout and -a 7
- Fixed password limit in optimized kernel for hash-mode 10700
- Fixed password reassembling function reporting an incorrect candidate in some \
cases when the correct candidate has zero length
- Fixed undefined function call to hc_byte_perm_S() in hash-mode 17010 on \
non-CUDA compute devices
- Fixed unit test early exit on luks test file download/extract failure
- Fixed unit test false negative if there are spaces in the filesystem path to \
hashcat
- Fixed unit test salt-max in case of optimized kernel, with hash-type 22 and 23
- Fixed usage of --rule-right (-k) in -a 7 with optimized (-O) kernels
- Fixed wordlist handling in -m 3000 when candidate passwords use the $HEX[...] \
syntax
Technical
- AMD Driver: Updated requirements for AMD Linux drivers to "AMDGPU" \
(21.50 or later) and "ROCm" (5.0 or later)
- AMD Driver: Updated requirements for AMD Windows drivers to "AMD \
Adrenalin Edition" (Adrenalin 22.5.1 exactly)
- Association Attack: Enable module specific pw_min and pw_max settings to avoid \
false positives in -a 9 attack-mode
- Autotune: Added error handling. By default skipping device on error, with \
--force using accel/loops/threads min values instead
- Backend: improved management of systems with multiple OpenCL platforms
- Backend Info: Added folder_config info to output
- Backend Info: Added generic system info to output (must be completed on \
Windows side)
- Backend Info: Added local memory size to output
- Backend: with kernel build options, switch from -I to -D INCLUDE_PATH, in \
order to support Apple Metal runtime
- Command Line: Disallow combinations of some options. for instance, using -t in \
-a 0 mode
- CUDA Backend: moved functions to ext_cuda.c/ext_nvrtc.c and includes to \
ext_cuda.h/ext_nvrtc.h
- Debug Rules: Set --debug-file to $session.debugfile if --debug-mode was set by \
the user and --debug-file was not set
- Hardware Monitor: Add support for GPU device utilization readings using iokit \
on Apple Silicon (OpenCL and Metal)
- Hash Info: show more information (Updated Hash-Format. Added Autodetect, \
Self-Test, Potfile and Plaintext encoding)
- HIP Backend: moved functions to ext_hip.c/ext_hiprtc.c and includes to \
ext_hip.h/ext_hiprtc.h
- HIP Backend: removed unused functions from hiprtc to workaroung missing \
function symbols on windows dll
- Kernels: Refactored standard kernel declaration to use a structure holding \
u32/u64 attributes to reduce the number of attributes
- Kernels: Refactored standard kernel includes, KERN_ATTR macros and RC4 cipher \
functions, in order to support Apple Metal runtime
- Kernels: Set the default Address Space Qualifier for any pointer, in order to \
support Apple Metal runtime
- Logfile: Write per-session "recovered new" value to logfile
- Makefile: updated MACOSX_DEPLOYMENT_TARGET to 10.15 and removed OpenCL \
framework from LFLAGS_NATIVE on MacOS
- Metal Runtime: added support for vectors up to 4
- Modules: Added suffix *legacy* to old TrueCrypt modules (6211-6243)
- Modules: Added suffix *legacy* to old VeraCrypt modules (13711-13783)
- Modules: Added support of a custom charset setting for benchmarks to the \
module interface
- Modules: New LUKS v1 modules (29511-29543) which do not use \
`module_hash_binary_parse` to get data from containers anymore (use new tool \
`tools/luks2hashcat.py`)
- Modules: New TrueCrypt modules (29311-29343) which do not use \
`module_hash_binary_parse` to get data from containers anymore (use new tool \
`tools/truecrypt2hashcat.py`)
- Modules: New VeraCrypt modules (29411-29483) which do not use \
`module_hash_binary_parse` to get data from containers anymore (use new tool \
`tools/veracrypt2hashcat.py`)
- Modules: Renamed old LUKS module into LUKS v1 and added suffix *legacy* (14600)
- OpenCL Backend: added workaround to make optimized kernels work on Apple Silicon
- OpenCL Backend: moved functions to ext_OpenCL.c and includes to ext_OpenCL.h
- OpenCL Backend: show device_type in device list info on Apple Silicon
- OpenCL Kernel: Set native_threads to 32 on Apple GPU's for various hash-modes
- OpenCL Runtime: Added support to use Apple Silicon compute devices
- OpenCL Runtime: Add some unstable warnings detected on macOS
- OpenCL Runtime: Set default device-type to GPU with Apple Silicon compute devices
- Restore: Restore timer is decreased from 60 seconds to 1 second, but only \
updates if there's actually a change compared to previous data written to \
restore file
- Rules: Add new rulesets from T0XlC: T0XlCv2, T0XlC_3_rule, \
T0XlC_insert_HTLM_entities_0_Z
- Rules: Add support to include source wordlist in debugging format
- Rules: Update hand-written rulesets to covers years up to 2029
- Status code: updated negative status code (added kernel create failure and resync)
- Status code: updated negative status code, usefull in Unit tests engine (test.sh)
- Terminal: Increased size of hash name column in `--help` and `--identify` options
- Terminal: Limit output length of example hash in --example-hash mode to 200. \
Use --mach to see full example hash
- Terminal: show empty OpenCL platforms only in backend information mode
- Tuning Database: Added a warning if a module implements \
module_extra_tuningdb_block but the installed computing device is not found
- Unit tests: added -r (--runtime) option
- Unit tests: handle negative status code, skip deprecated hash-types, skip \
hash-types with known perl modules issues, updated output
- Unit tests: Updated test.sh to set default device-type to CPU with Apple Intel \
and added -f (--force) option
- Usage Screen: On windows console, wait for any keypress if usage_mini_print() \
is used
- User Options: Add new module function module_hash_decode_postprocess() to \
override hash specific configurations from command line
- User Options: Change --backend-info/-I option type, from bool to uint
- Workflow: Added basic workflow for GitHub Actions
Files: