Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 9 Feb 2013 04:53:44 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: sha512crypt formats matching salt detection bug

On Fri, Feb 08, 2013 at 10:50:17PM -0200, Claudio Andr? wrote:
> Is there a minimun number of rounds? I mean, is 999 the mininum rounds 
> allowed by some spec?

1000 is the minimum per Ulrich's original spec (SHA-crypt.txt and
reference implementations of sha512crypt and sha256crypt).  However,
apparently IBM deviated from that.  Apparently, it's a minimum of 16
there.

We should support any number of rounds, starting with 1.

Anyhow, the bug that I reported has nothing to do with specific round
counts.  It's about including the round counts in "salts".

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ