Hello!
keyring2john does not extract correct hash if an entry has been added to the keyring (tested on MXLinux).
Creating a brand new keyring with password "seahorse", no entries:
python keyring2john.py seahorse.keyring
$keyring$87ca31c1d80f5d2e17541604f00f36522e60560e5be78f465dfed48
john --format=keyring seahorse.keyring.hash.txt --wordlist="password.txt"
Using default input encoding: UTF-8
Loaded 1 password hash (keyring, GNOME Keyring [SHA256 AES 256/256 AVX2 8x])
Cost 1 (iteration count) is 1754 for all loaded hashes
Will run 32 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Warning: Only 1 candidate buffered, minimum 256 needed for performance.
seahorse (?)
1g 0:00:00:00 DONE (2026-03-11 09:56) 6.802g/s 6.802p/s 6.802c/s 6.802C/s seahorse
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
This cracks successfully.
Added a password entry to the above keyring and run keyring2john again:
$keyring$1aa39e58c9ee9c35*2923*16*0*00000002000000010000000a7864673a
Hash does not crack, the script is not pulling out the correct ciphertext and length (the salt and iteration is correct):
The above image shows the correct ciphertext to extract (basically looking for the last 00 00 followed by 2 bytes, after that is ciphertext). Initially I thought the 4th byte denoted the length of the ciphertext, calculating it matches for 1 or 2 passwords but after that does not appear to be the same).
Amending the hash to use the full cipher and size of ciphertext / 2 for length, gives:
$keyring$1aa39e58c9ee9c35*2923*256*0*97ac4f27a49050e9ed4970ff291c8975227034f5578c6b45951115f9bc780f4b81fe2ed50313f1ed942fc925cd22d5388c8ebdf46918354de000479500808abc4210cbc38cc0face822503ed2864004bbe817bb111d02251f652f5a0bb702b07eae214964c697ac699b824f1d35fdb0d689a789a59a9b561cf0f724d56a5795d
Which now cracks:
Using default input encoding: UTF-8
Loaded 1 password hash (keyring, GNOME Keyring [SHA256 AES 256/256 AVX2 8x])
Cost 1 (iteration count) is 2923 for all loaded hashes
Will run 32 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Warning: Only 1 candidate buffered, minimum 256 needed for performance.
seahorse (?)
1g 0:00:00:00 DONE (2026-03-11 10:10) 20.00g/s 20.00p/s 20.00c/s 20.00C/s seahorse
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
This seems to work up to 5 entries in the keyring. Adding a 5th, it no longer works:
Using keyring2john to generate the inital hash and then amending the relevant parts:
$keyring$93fbc20d5555d24d*3432*592*0*e237c2f1e9bc7e661f0d4fdf291eacf61c485d9f2d636904beb181d3394193bc6cbf4abe6199baa8353305f7a4a1c8941808ab7cb02540f2ee2be458173afa2f1c77f95365f2f4fe901d4c56eb0fe7c3224cbe35208f6292a8b2761a4457c91f74f1efa06680c0ebc5ad62d25ac2e1d1b8e7a85b3a7d16444613f032f1a09e27652d801d7e5714edaadce33d83e1a57d470fd8e9fb8054372fa94f79b67c5d7007ed332067710070d24c43c87c404eef42162ced07f276c3328dc3a984da6e3ecf10631b03c72a10fa81c2004248c6918c5aad76f73331ddbd5c2e3cf28a7ab253dabc5d71a44c1ccbca488822e966e5b79804229c34db97c4c07dfdf5dd383d01f3e60a5eb187b08a36d2f80a306fde4485ee8bb69672d2956e37f6a28d8e4661f9fd6ba5a3a99e5721a489b323430696283e6f887c3e952e9f34702960b4a345aa5330f982bdad5c9cd76ea16a37be172806475a388614bf154821d7752f9c8339fc4d2f66e0106137ad012e9b79b58d99d3e7a1f54c376bc55dbf5e1669f8dd04b74c3ce3ee47abee3b5874f6958d1ecffd5bc878ef541d1286835d686c26b8c983399b95257a503ffb067c3ffed2fd0347ea13232fc3a2d932963e8eef74984c582b111f8588fac80fc318c242a8a803c3b66dd1572b9715d5d3eaf05bb4631c2798fcfaa3afc3e0dcbeee2400ea960d7fcfc1a050e4b7014cf842478ee1f4736fc44546499b55d15bfecfcb9bc97f9594739b4408ab95b861ba66c06025d0d1a840f489661b28ad6631a97caff316df73fcfe790f39b53ed861f7934d78ca11adf718fab34d19c967c8526ad323
But hash now fails to load:
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
Is this a limitation of the keyring module to not accept hashes over certain length? If so, is this something that could easily be updated?
Attached are the keyrings (original, one entry added, five entries added).
seahorse.zip
Any help is much appreciated with getting it to work :)
Hello!
keyring2john does not extract correct hash if an entry has been added to the keyring (tested on MXLinux).
Creating a brand new keyring with password "seahorse", no entries:
This cracks successfully.
Added a password entry to the above keyring and run keyring2john again:
$keyring$1aa39e58c9ee9c35*2923*16*0*00000002000000010000000a7864673aHash does not crack, the script is not pulling out the correct ciphertext and length (the salt and iteration is correct):
The above image shows the correct ciphertext to extract (basically looking for the last 00 00 followed by 2 bytes, after that is ciphertext). Initially I thought the 4th byte denoted the length of the ciphertext, calculating it matches for 1 or 2 passwords but after that does not appear to be the same).
Amending the hash to use the full cipher and size of ciphertext / 2 for length, gives:
$keyring$1aa39e58c9ee9c35*2923*256*0*97ac4f27a49050e9ed4970ff291c8975227034f5578c6b45951115f9bc780f4b81fe2ed50313f1ed942fc925cd22d5388c8ebdf46918354de000479500808abc4210cbc38cc0face822503ed2864004bbe817bb111d02251f652f5a0bb702b07eae214964c697ac699b824f1d35fdb0d689a789a59a9b561cf0f724d56a5795dWhich now cracks:
This seems to work up to 5 entries in the keyring. Adding a 5th, it no longer works:
Using keyring2john to generate the inital hash and then amending the relevant parts:
$keyring$93fbc20d5555d24d*3432*592*0*e237c2f1e9bc7e661f0d4fdf291eacf61c485d9f2d636904beb181d3394193bc6cbf4abe6199baa8353305f7a4a1c8941808ab7cb02540f2ee2be458173afa2f1c77f95365f2f4fe901d4c56eb0fe7c3224cbe35208f6292a8b2761a4457c91f74f1efa06680c0ebc5ad62d25ac2e1d1b8e7a85b3a7d16444613f032f1a09e27652d801d7e5714edaadce33d83e1a57d470fd8e9fb8054372fa94f79b67c5d7007ed332067710070d24c43c87c404eef42162ced07f276c3328dc3a984da6e3ecf10631b03c72a10fa81c2004248c6918c5aad76f73331ddbd5c2e3cf28a7ab253dabc5d71a44c1ccbca488822e966e5b79804229c34db97c4c07dfdf5dd383d01f3e60a5eb187b08a36d2f80a306fde4485ee8bb69672d2956e37f6a28d8e4661f9fd6ba5a3a99e5721a489b323430696283e6f887c3e952e9f34702960b4a345aa5330f982bdad5c9cd76ea16a37be172806475a388614bf154821d7752f9c8339fc4d2f66e0106137ad012e9b79b58d99d3e7a1f54c376bc55dbf5e1669f8dd04b74c3ce3ee47abee3b5874f6958d1ecffd5bc878ef541d1286835d686c26b8c983399b95257a503ffb067c3ffed2fd0347ea13232fc3a2d932963e8eef74984c582b111f8588fac80fc318c242a8a803c3b66dd1572b9715d5d3eaf05bb4631c2798fcfaa3afc3e0dcbeee2400ea960d7fcfc1a050e4b7014cf842478ee1f4736fc44546499b55d15bfecfcb9bc97f9594739b4408ab95b861ba66c06025d0d1a840f489661b28ad6631a97caff316df73fcfe790f39b53ed861f7934d78ca11adf718fab34d19c967c8526ad323But hash now fails to load:
Is this a limitation of the keyring module to not accept hashes over certain length? If so, is this something that could easily be updated?
Attached are the keyrings (original, one entry added, five entries added).
seahorse.zip
Any help is much appreciated with getting it to work :)