Date: Mon, 21 Jan 2013 01:02:36 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: salt_hash // Public domain hash function by DJ Bernstein

On 21 Jan, 2013, at 0:29 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> Another candidate to create a commonly used function to common.h (adding
> a parameter for SALT_SIZE), and reuse it? Or should it be moved
> somewhere else?
> 
> $ git grep -A 1 Bernstein|grep -v -- --
> (...)

You mean something like:

void *hash(void *input, int *len);

With output aligned at ARCH_WORD and not assuming alignment for input, it could be usable for many formats.

> I guess this is stuff that can wait until the next jumbo version is
> released.

Definitely. I added that Bernstein hash function to JtR and tweaked it (there are numerous variants with subtle differences) and verified it for a couple of formats. For very short lengths, some hash functions are better than others. We are sometimes hashing some kind of binary data, sometimes ASCII (e.g. usernames) and sometimes UTF-16 (likely with half of the octets being zero). So a shared function might not suit all uses.

BTW, some formats have a seriously skewed salt distribution. MSSQL is one; I have a feeling there is a timestamp involved. Obviously, a 32-bit binary salt like that one does not need a hash function if it's really random - you could just return 12 bits from it as-is. But using this hash function we got a whole lot better spread. I think that was where this Bernstein function was introduced first.

magnum
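
The point above about skewed 32-bit salts, as an added example (not JtR code and not part of the original message): it compares returning 12 bits of the salt as-is with a Bernstein-style hash over the salt bytes. The function names, the h*33 ^ c variant, and the salt pattern (only the upper 16 bits vary) are assumptions constructed for illustration, not the actual MSSQL distribution.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SALT_HASH_BITS 12                      /* "12 bits", as in the message */
#define SALT_HASH_SIZE (1u << SALT_HASH_BITS)
#define N_SALTS 1024                           /* constructed sample size */

/* Bernstein-style hash, h*33 ^ c variant (one of several in circulation). */
static unsigned djb_salt_hash(const unsigned char *salt, size_t len)
{
    uint32_t h = 5381;
    while (len--)
        h = (h * 33) ^ *salt++;
    return h & (SALT_HASH_SIZE - 1);
}

/* Baseline: return the low 12 bits of the little-endian salt as-is. */
static unsigned raw_salt_hash(const unsigned char *salt)
{
    return (salt[0] | (unsigned)salt[1] << 8) & (SALT_HASH_SIZE - 1);
}

/* Constructed skewed salt: upper 16 bits vary, lower 16 bits are fixed. */
static void make_salt(unsigned i, unsigned char out[4])
{
    uint32_t v = ((uint32_t)i << 16) | 0x1234u;
    out[0] = v & 0xff;         out[1] = (v >> 8) & 0xff;
    out[2] = (v >> 16) & 0xff; out[3] = (v >> 24) & 0xff;
}

/* Number of distinct buckets hit by the N_SALTS constructed salts. */
static unsigned buckets_used(int use_djb)
{
    unsigned char seen[SALT_HASH_SIZE], salt[4];
    unsigned i, b, used = 0;
    memset(seen, 0, sizeof(seen));
    for (i = 0; i < N_SALTS; i++) {
        make_salt(i, salt);
        b = use_djb ? djb_salt_hash(salt, 4) : raw_salt_hash(salt);
        if (!seen[b]) { seen[b] = 1; used++; }
    }
    return used;
}

int main(void)
{
    printf("low 12 bits as-is: %u buckets\n", buckets_used(0));
    printf("Bernstein hash:    %u buckets\n", buckets_used(1));
    return 0;
}
```

With this constructed input every salt lands in one bucket when the low bits are returned as-is, while the hash gives each of the 1024 salts its own bucket.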
