kwallet2john.py: Produce truncated "hashes"

solardiz · solardiz · commit d5c9a8256f36 · 2025-11-02T05:12:45.000+01:00
diff --git a/doc/NEWS b/doc/NEWS
@@ -467,6 +467,9 @@ Major changes from 1.9.0-jumbo-1 (May 2019) in this bleeding-edge version:
 - KWallet format bug fix of the old KDF (ancient wallets) for password lengths
   that are multiples of 16 or longer than 48.  [Solar, exploide; 2025]
 
+- KWallet format and kwallet2john.py: Support and produce truncated "hashes"
+  that do not contain the actual encrypted data.  [Solar; 2025]
+
 
 Major changes from 1.8.0-jumbo-1 (December 2014) to 1.9.0-jumbo-1 (May 2019):
 
diff --git a/run/kwallet2john.py b/run/kwallet2john.py
@@ -103,6 +103,12 @@ def process_file(filename):
         sys.stderr.write("%s : invalid file structure!\n" % filename)
         sys.exit(7)
 
+    # Don't reveal most of the actual content.  We only need 64 bytes, but
+    # truncate at 65 to avoid false auto-detection as the "leet" format.
+    # Comment out the below line if you need a "hash" for an older version of
+    # John the Ripper (before Nov 2025).
+    encrypted = encrypted[:65]
+
     if new_version:
         # read salt
         salt_filename = os.path.splitext(filename)[0] + ".salt"
diff --git a/src/kwallet_fmt_plug.c b/src/kwallet_fmt_plug.c
@@ -321,10 +321,6 @@ static int verify_key_body(unsigned char *key, int key_size, int not_even_wrong)
 	 * Potential optimization:
 	 * Most of the time we could decrypt just one block containing fsize,
 	 * and occasionally bytes 8 to 63, not the whole thing.
-	 * Potential security enhancement:
-	 * We could also revise the 2john script to omit the actual data and
-	 * SHA-1 (everything after initial 64 bytes), but this would be a
-	 * "hash" format change.
 	 */
 	if (cur_salt->kwallet_minor_version == 0) {
 		BF_set_key(&bf_key, key_size, key);
