Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Jun 2011 20:24:55 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: mscash2 tag + iteration count

JimF has nailed the salt-length problem *without* using the OpenSSL 
workaround and we are now finalizing some performance optimisations 
(current boost is 17-18% on my gear!). I think it would be wise to 
include the below change before releasing it:

The current mscash2 format (dcc2) use the same tagging (eg. in john.pot) 
as the older mscash format (dcc1). I think this is a bad thing. 
Furthermore, I believe the iteration count can be altered but it's 
currently not stored with the hash but hard-coded (with a #define) in 
mscash2_fmt.c.

- I propose we keep the old format for mscash (dcc1):

M$test1#64cd29e36a8431a2b111378564a10631


- I propose we use this new tag + iteration count for mscash2 (dcc2):

$DCC2$10240#test1#607bbe89611e37446e736f7856515bf8


We will probably be able to attack different iteration counts in the 
same run.

Anyone agreeing or disagreeing on this?

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ