Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 02 Jan 2013 00:52:14 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: A few questions regarding the newly added BLAKE2 format

On Wednesday 02 January 2013 12:37 AM, Frank Dittrich wrote:
> I commented on the recent commit "Add support for BLAKE2 hash function
> (https://blake2.net/)", 2620ccc0394051a2e34ac4873fb905d2af18f9ce, on
> github, but magnum suggested to take this discussion to john-dev or
> john-users, so here we go:
>
> Is BLAKE2 really used as a password hash algorithm? If so, where?

JtR is getting ready for future hashing schemes ;). Well hashcat 
recently did Keccak support which isn't used
anywhere (you could argue that it is the official SHA3 though).


> Should we really allow newly added formats to treat ambiguous hashes as
> valid?
> The hash
> 4245af08b46fbb290222ab8a68613621d92ce78577152d712467742417ebc1153668f1c9e1ec1e152a32a9c242dc686d175e087906377f0c483c5be2cb68953e
> is considered as valid by raw-sha512 and more than 20 dynamic formats.
>   

I don't like "raw" hashes (hashes without leading FORMAT_TAG) much. If 
magnum agrees, I can remove support for them
from BLAKE2 format.


Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ