Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Fri, 3 Feb 2006 20:11:58 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: IPB2, DIGEST-MD5, salted domino

On Thu, Feb 02, 2006 at 12:09:00AM +0100, Michal Luczaj wrote:
> The first one is just a bartavelle's raw-MD5 patch extended with support
> for Invision Power Board password hashes. Those two together make JtR
> The Ultimate Internet Forum Hash Cracker ;) (phpBB and IPB1 use MD5,
> while IPB2 uses it's own simple salted MD5 algorithm).
> 
> And the second one is a tool created because of very specific needs.
> Basically it helps to "restore" password from DIGEST-MD5 authentication
> data (RFC2831).

Thanks.  I've placed these two in contrib/ and linked them from the
website, although I am not sure the DIGEST-MD5 one should be "announced"
like that since it can't be used without the source file being further
modified for the specific sniffed session.  Well, maybe you will provide
a generic implementation later. ;-)

Why did you mention "salted domino" in the Subject, though?

> Also I have a note about dominosec patch: just adding -march=pentium4 to
> Makefile gave me 23% speed-up.

Do you care?  I mean, the algorithms and code used in unofficial patches
for John are not really optimized anyway.  You can likely achieve much
greater speedups by optimizing the source code.

> Maybe it's time to think about some kind of ./configure?

Yes, I might be forced to introduce something like that eventually, but
not for that reason.  "configure" scripts are not expected to guess gcc
optimization options; they accept CFLAGS from the environment.

One reason to not introduce a "configure" script is that I'd like John
to remain portable or easy to port to non-Unix platforms.

> On "single crack"/"incremental" discussion... It's hard for me to
> imagine that "incremental mode" could be renamed. You know, JtR's
> incremental means JtR's incremental, nothing more and nothing less.
> Sentimental issues :)

I understand.  That name has been around for many years.

I'd be interested to hear opinions of native English speakers, though.

> But how about "context cracking" (or anything to do with
> context/environment/realm of password) instead of "single crack"?

That's a good suggestion.

Of the words you've suggested, I think only "context" is appropriate.
But that's OK.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ