Date: Fri, 4 Jan 2013 18:04:11 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Supporting different hash algorithms with a single format?

On Fri, Jan 4, 2013 at 5:38 PM, Frank Dittrich
<frank_dittrich@...mail.com> wrote:
> I don't know how many cases of a single format supporting completely
> different hash algorithms exist.
>
> I think mixing support of different hash algorithms in the same file is
> OK, if there are enough similarities.
> But it certainly would have been better to make this two separate
> formats, e.g.:
> -odf-sha1-bf "ODF SHA-1 Blowfish"
> -odf-sha256-aes "ODF SHA-256 AES"

I like the idea for multiple reasons but it will increase maintenance burden.

> The OpenCL version also claims to support "ODF SHA-1 Blowfish / SHA-256
> AES", but AFAIK, it currently just supports ODF SHA-1 Blowfish.
> I think, the format description should be corrected.
> If "ODF SHA-256 AES" will be added, this should be a separate format.

I noticed this earlier. I will fix it this weekend. "ODF SHA-256 AES
OpenCL" format is coming soon and will be separate.

> Other examples of mixed hash algorithms include:
> ssh
> ssh-ng
> BTW: ssh and ssh_ng seem to support the same hash algorithm(s) and the
> same maximum password length.
> Should this be changed?

They do the same thing but they are way different. ssh-ng is totally
experimental and it hasn't been tested enough yet. So, comparisons
shouldn't be done between these two formats (as of now). Only
adventurous users should rely on ssh-ng ;)

> BTW2: The ssh format description (or, more precisely, the benchmark
> comment) is not even correct anymore:
> SSH RSA/DSA (one 2048-bit RSA and one 1024-bit DSA key)
> Since commit 87f0ed13, 3 more tests have been added to ssh (but not to
> ssh-ng).

Only the top two test vectors are used *multiple* times during
benchmarking, right?

> Are you aware of other formats mixing different hash algorithms?

episerver format does it too. It has speculative support for SHA256
hashes which I haven't seen being used in the real world.

-- 
Dhiru
