Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 19 Jul 2015 10:18:02 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: nsldap can be cracked together with raw-sha1


---- Aleksey Cherepanov <lyosha@...nwall.com> wrote: 
> I looked into the src/nsldap_fmt_plug.c and I think that nsldap format
> can be cracked together with raw-sha1. The only difference is
> cyphertext encoding: raw-sha1 uses hex while nsldap uses base64 (and
> other tag, obviously).
> 
> #define FORMAT_LABEL			"nsldap"
> #define FORMAT_NAME			"Netscape LDAP {SHA}"
> 
> Don't I miss something? Should not these formats be merged?

No, you did not miss anything. They should be merged. And for good reasons.  raw-sha1 is faster than nsldap.  The key setup is a little different (not sure if better or not).  raw-sha1 uses openmp, but the biggest gain is raw-sha1 uses SSEi_REVERSE_STEPS which also gains speed by skipping some work at the end of the hashing step.   I see about 10% faster on my wimpy laptop for raw-sha1.

Should not be too hard to do.  A change to prepare (possibly split), and it is done.   The nsldap format label/name would simply go away however.  The nsldap stuff would simply be 'part' of what is handled by raw-sha1.

Proper merging of functions like this would be a pretty good GSoC task, I think, along with identifying possible candidates (there probably are more of them).

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ