Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Jun 2012 14:18:51 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: raw-sha1_li

On 06/26/2012 12:12 PM, Andries E. Brouwer wrote:
>> In this format, we 'could' remove the raw-sha1_LI, and simply change
>> raw-sha1 to behave like this.
> 
> There are two entirely different hashes:
> 1. raw-sha1
> 2. raw-sha1 followed by zeroing the first 20 bits
> 
> They should have different names since they differ.
> For example, the linkedin dump contains the hashes
> 
> a96807e7bd710592ee36264a72d6aa35c2d165f9
> 000007e7bd710592ee36264a72d6aa35c2d165f9
> 
> Now sunshine09 has sha1sum
> 
> 3b1787e7bd710592ee36264a72d6aa35c2d165f9

Interesting.

If a96807e7bd710592ee36264a72d6aa35c2d165f9 really is a hash of a real
password, this probably means raw-sha1-linkedin needs the FMT_NOT_EXACT
flag set.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.