Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Feb 2013 03:12:01 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: AIX password hashes

On 16 Feb, 2013, at 2:28 , Frank Dittrich <frank_dittrich@...mail.com> wrote:

> On 02/16/2013 12:32 AM, magnum wrote:
>> I have a feeling the "hard" part of figuring out the AIX hashes is to establish the exact encoding scheme. 
> 
> 
> I think there is also some broken magic used. Without reverse
> engineering he algorithm, more samples might help,
> 
> In addition to the ones in
> http://www.openwall.com/lists/john-users/2013/02/15/2
> we might need some more.
> 
> First, a
> ./AIXtest ... | wc -l

I believe this will just produce 100,000 DES hashes with random salt.

> Then, the may be the top 100 hashes of those broken formats, but not
> just the ones which have a '...' sequence in the hash.
> ...

I think we're looking at the simplest algorithm you can imagine (iterate 2^N over pass.salt) and the only real obstacle is the encoding. I can't imagine any more test that would help. The {smd5} timings are curious though. I think they indicate it could be pretty much like normal crypt MD5.

magnum


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ