Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Sep 2012 00:45:07 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: Cracking Mountain Lion hashes (WIP)

On 2012-09-09 17:14, Dhiru Kholia wrote:
> On Sat, Sep 8, 2012 at 11:52 PM, Lukas Odzioba <lukas.odzioba@...il.com> wrote:
>> 2012/9/8 Lukas Odzioba <lukas.odzioba@...il.com>:
>>> Grub's format is official and I think that we should not bother users
>>> with something new.
>>
>> I suggest use format name pbkdf2-hmac-sha512 which will be able to
>> reckognize grub's and osx's ciphertexts.
> 
> Code committed to magnum-jumbo. I have followed GRUB2 hash format.
> 
> Hash Format: $pbkdf2-hmac-sha512$iterations.salt.hash
> 
> ✗ ../run/john -fo:pbkdf2-hmac-sha512 -t # AMD X2 720 BE CPU
> Benchmarking: GRUB2 / OS X 10.8 pbkdf2-hmac-sha512 [PBKDF2-SHA512
> CPU]... (3xOMP) DONE
> Raw:	40.7 c/s real, 13.7 c/s virtual

BTW: 

1. This format doesn't accept grub hashes without editing but I'm sure
you know it.


2. Don't know about Mac OS but grub can use salt and hash of any
length:

$ echo -e "password\npassword" | grub-mkpasswd-pbkdf2 -l 1 -s 1 -c 1
Enter password: 
Reenter password: 
Your PBKDF2 is grub.pbkdf2.sha512.1.04.03

$ echo -e "password\npassword" | grub-mkpasswd-pbkdf2 -l 10 -s 10 -c 10
Enter password: 
Reenter password: 
Your PBKDF2 is grub.pbkdf2.sha512.10.7770CB048C520D65E7E6.AD1E405015FAB2A5AD25

$ echo -e "password\npassword" | grub-mkpasswd-pbkdf2 -l 100 -s 100 -c 100
Enter password: 
Reenter password: 
Your PBKDF2 is grub.pbkdf2.sha512.100.7F9961001E42711B9D4D4472C81EBE4A24D2A9A28C5A3D1C6A9D253521C22BC0680137285779EB16B8824EC39E89452032908322B9790FC47D994500A27F8161AFCA039FDD4F48432446BBEDE9A845238A75C06464A6A103285DD3BB6D4DDD962BF44C84.60B74D445C9F0DF323C7E0D7340200EA8888AC1079597B5A1A8D2C76E364FB3004C0A364AABD36AF04098FAFAC91778C160217544F956AE52B2C25875D1203D3ACF3C6F8D5929B35BDB0AF644EA25F8B8EE329CE12AA71E47AFDC449CE147B24F7312F35

which your code doesn't seem to accommodate for. Don't know how
popular it is and whether it's worth supporting.


3. Just found that passlib supports plain pbkdf2_sha512 (in
addition to grub_pbkdf2_sha512). It looks like this:

>>> import passlib.hash
>>> passlib.hash.pbkdf2_sha512.encrypt("password")
'$pbkdf2-sha512$6400$Y2wNgZByDgGgFEIIYay1Ng$y2Epfl7fAwx7v.Zw9hNnEKCfGmWvFZoF.dQMfjhjnM.sSmDI7yXRe8JcqrdPdf5nbFEgMBWSY2cPW1stdtD3oA'

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ