Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Sep 2012 00:48:58 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cracking Mountain Lion hashes (WIP)

On Mon, Sep 10, 2012 at 12:45:07AM +0400, Alexander Cherepanov wrote:
> On 2012-09-09 17:14, Dhiru Kholia wrote:
> > On Sat, Sep 8, 2012 at 11:52 PM, Lukas Odzioba <lukas.odzioba@...il.com> wrote:
> >> 2012/9/8 Lukas Odzioba <lukas.odzioba@...il.com>:
> >>> Grub's format is official and I think that we should not bother users
> >>> with something new.
> >>
> >> I suggest use format name pbkdf2-hmac-sha512 which will be able to
> >> reckognize grub's and osx's ciphertexts.
> > 
> > Code committed to magnum-jumbo. I have followed GRUB2 hash format.
> > 
> > Hash Format: $pbkdf2-hmac-sha512$iterations.salt.hash
> > 
> > ✗ ../run/john -fo:pbkdf2-hmac-sha512 -t # AMD X2 720 BE CPU
> > Benchmarking: GRUB2 / OS X 10.8 pbkdf2-hmac-sha512 [PBKDF2-SHA512
> > CPU]... (3xOMP) DONE
> > Raw:	40.7 c/s real, 13.7 c/s virtual
> 
> BTW: 
> 
> 1. This format doesn't accept grub hashes without editing but I'm sure
> you know it.
> 
> 
> 2. Don't know about Mac OS but grub can use salt and hash of any
> length:
> 
> $ echo -e "password\npassword" | grub-mkpasswd-pbkdf2 -l 1 -s 1 -c 1
> Enter password: 
> Reenter password: 
> Your PBKDF2 is grub.pbkdf2.sha512.1.04.03
> 
> $ echo -e "password\npassword" | grub-mkpasswd-pbkdf2 -l 10 -s 10 -c 10
> Enter password: 
> Reenter password: 
> Your PBKDF2 is grub.pbkdf2.sha512.10.7770CB048C520D65E7E6.AD1E405015FAB2A5AD25
> 
> $ echo -e "password\npassword" | grub-mkpasswd-pbkdf2 -l 100 -s 100 -c 100
> Enter password: 
> Reenter password: 
> Your PBKDF2 is grub.pbkdf2.sha512.100.7F9961001E42711B9D4D4472C81EBE4A24D2A9A28C5A3D1C6A9D253521C22BC0680137285779EB16B8824EC39E89452032908322B9790FC47D994500A27F8161AFCA039FDD4F48432446BBEDE9A845238A75C06464A6A103285DD3BB6D4DDD962BF44C84.60B74D445C9F0DF323C7E0D7340200EA8888AC1079597B5A1A8D2C76E364FB3004C0A364AABD36AF04098FAFAC91778C160217544F956AE52B2C25875D1203D3ACF3C6F8D5929B35BDB0AF644EA25F8B8EE329CE12AA71E47AFDC449CE147B24F7312F35
> 
> which your code doesn't seem to accommodate for. Don't know how
> popular it is and whether it's worth supporting.

I think variability of lengths is a common property for all PBKDF2
hashes so question in point #2 is not limited to only this format.

Should not all PBKDF2 hashes be done similarly?

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ