Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Apr 2013 11:37:47 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: formats that duplicate dynamics

On 2013-04-22 07:27, Solar Designer wrote:
> On Mon, Apr 22, 2013 at 07:24:05AM +0400, Alexander Cherepanov wrote:
>> On 2013-01-27 06:35, Solar Designer wrote:
>>> The "postgre" format at the very least needs to be renamed from the
>>> ridiculous "postgre" to "postgres".  This includes the filename,
>>> FORMAT_LABEL, and the "$postgre$" prefix string.
>>
>> BTW is postgres is even a good name for it? Isn't it better to leave it
>> for plain postgresql hashes and net-postgres (or something) for
>> PostgreSQL MD5 challenge-response. But maybe it's too late to change it...
>
> You may be right, or maybe we don't need a separate format for this
> since it's implementable as a dynamic format (and might match an already
> defined one, even).
 >
> What are "plain postgresql hashes", though?  Are we supporting them now,
> and under what name?

I mean hashes as they are stored in DB. The format is

   'md5' . md5($password . $username)

For description and links see here: 
http://pythonhosted.org/passlib/lib/passlib.hash.postgres_md5.html .

dynamic_1014 seems to be closest. Hm, maybe there is no need for a 
dedicated prefix. Input format could be like this:

   username:md5ffffffffffffffffffffffffffffffff

(though it seems to be ambiguous) and in .pot file it could be like this:

   $dynamic_1014$ffffffffffffffffffffffffffffffff$username

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ