Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jun 2012 02:10:44 -0700
From: <atom@...hcat.net>
To: "Per Thorsheim" <per@...rsheim.net>,
  "solar@...nwall.com" <solar@...nwall.com>
Cc: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: RE: Change episerver format name?

Hey Guys,

we can do that, but in this case the signature in the hash should
change, too.

Currently the algorithm used is configured by the attribute following
the signature. So it would make more sense to rename it from $episerver$
to $msnet$ not $msnet-sha1$

The hash would change from:

$episerver$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword

to:

$msnet$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword



--
atom

email: atom@...hcat.net
web: http://hashcat.net/


> -------- Original Message --------
> Subject: Change episerver format name?
> From: Per Thorsheim <per@...rsheim.net>
> Date: Thu, June 28, 2012 9:43 pm
> To: "atom@...hcat.net" <atom@...hcat.net>, "solar@...nwall.com"
> <solar@...nwall.com>
> Cc: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
> 
> 
> Hashcat and JtR currently refers to the name 'episerver', based on old & deprecated format in john, as well as the new format based on work @ hashcat forum & this list.
> 
> After the latest blog post from Troy Hunt (http://www.troyhunt.com/2012/06/our-password-hashing-has-no-clothes.html), I think it should be renamed into something like MSNET-SHA1. After all episerver uses whatever .NET has been configured to use, which could be sha1, sha2-*, pbkdf2 etc. Episerver by itself doesn't have any password algorithms.
> 
> Best regards,
> Per Thorsheim

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ