Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 09 Jul 2012 23:02:41 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: request for new dynamic subformats

Committed to magnum-jumbo and downstream. Actually I guess we could put
it in -fixes too, no?

magnum

On 2012-07-09 20:37, jfoug wrote:
> This patch should get the first 2 formats in.  I have not done the new files
> for the TS yet.  This patch should probably put in all branches.
> 
> Here are pass_gen.pl lines I am using, to build test strings, for anyone
> wanting to learn more about that tool.
> 
> ./pass_gen.pl  'dynamic=num=35,format=sha1($u.$c1.$p),usrname=uc,const1=:'
> and
> ./pass_gen.pl  'dynamic=num=36,format=sha1($u.$c1.$p),usrname=true,const1=:'
> 
> ManGOS will be dynamic_35 and ManGOS2 will be dynamic_36.  The only
> questions I have are the 'strtoupper' in dyna_35.  Are we going to have
> encoding issues here?  I am hopeful that dynamic has taken this into
> account, but I will have to audit it, to make 'sure' (the same will be for
> the strlower in the 3rd type).
> 
> Now, I have questions for type #3 and #4.  In these, they are a full SHA,
> but only a truncation gets stored to the file?  Is that truncation the first
> part of the SHA string, or the last?
> 
> Jim.
> 
>> From: Dhiru Kholia
>> 1. SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)
>> Works for all private server projects that use the same hashing
>> method: trinity, ascent and others.
>>
>> 2. SHA-1(ManGOS2) = sha1($username.':'.$pass) # already supported?
>>
>> 3. sha1(strtolower($username).$pass)
>> Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
>> Used in SMF.
>> Length: 20 bytes.
>>
>> 4. sha1($salt.sha1($salt.sha1($pass))) # thick format already exits
>> Used in Woltlab BB.
>> Length: 20 bytes.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.