Date: Mon, 7 Sep 2015 10:08:44 -0500 From: JimF <jfoug@....net> To: john-dev@...ts.openwall.com Subject: Re: FormSpring valid() On 9/7/2015 8:27 AM, Kai Zhao wrote: > Hi Alexander, > > On Mon, Sep 7, 2015 at 1:28 AM, Solar Designer <solar@...nwall.com> wrote: >> Kai - how did you obtain the test vectors that you added to >> formspring_fmt_plug.c in 101bed96efba9509f5f60447a342a00024bba17e? >> Specifically, where did their salts come from? Why are they of 8 hex >> digits whereas the existing test vectors used two-char salts? > In dynamic_preloads.c::121 > > //dynamic_60 -->sha256($p) > > So I can generate test vectors by: > > $ ./john --test=0 --format='dynamic=sha256($s.$p),debug' If you change your command to this: $ ./john --test=0 --format='dynamic=sha256($s.$p),saltlen=2,debug' It would give proper 2 byte salts for you. Also: $ echo -n test | run/pass_gen.pl formspring #!comment: Built with pass_gen.pl using RAW mode, 0 to 128 characters dict file=stdin ** Here are the hashes for format formspring ** u0:0f435d79d56ae33430041d2e1b2892cb13f2e346ab8d9a79febf2d9c695672b6$72:0:0:test: Also works. pass_gen.pl was built to provide workable hashes for most of johns format. It does a pretty decent job. It even contains a dynamic 'expression building' (the logic from it actually was used to make the @dynamic=@ format in john). It really should be looked at as a first source of obtaining new hashes.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ