Date: Tue, 20 Sep 2011 22:33:41 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

On Tue, Sep 20, 2011 at 01:19:07PM -0500, jfoug wrote:
> I think that is ideal. A standard john tool (lion2john) to double base64
> the input file,

I could be wrong, but I think there's no _double_ base64 encoding on
actual systems. What we see at:

http://www.frameloss.org/2011/09/05/cracking-macos-lion-passwords/

is a side-effect of the tools used. Specifically, I think the
"plutil -convert xml1 ShadowHashData" command does base64 _encoding_ of
a component of the binary plist, to meet the requested output format.

> and then output this type line:
>
> user:$LION$salt$base16_hash
>
> is probably the correct output for that tool to generate, and for the format
> to validate and use.

I think we should omit the dollar sign after the salt, because the salt
is binary and fixed-length, and because people seem to be already using
136-hex-character strings. So we'll just prefix those strings with
$LION$ when we can, and we'll read them without the prefix as well (even
though this might end up being ambiguous at a later time).

Sounds fine?

Alexander
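
The encoding proposed in this message, as an added example that is not part of the original post and is not John the Ripper's code: a strict reader that accepts the 136-hex-character string with or without the $LION$ prefix and writes it back in the prefixed form. The helper names are hypothetical, and the layout (4-byte salt followed by a 64-byte digest, with digest = SHA-512 of salt then password) is an assumption derived from the 136-character length and the thread subject.

```python
import hashlib
import hmac
import re

PREFIX = "$LION$"
SALT_LEN = 4     # assumption: 136 hex chars = 68 bytes = 4-byte salt + 64-byte SHA-512
HEX_LEN = 2 * (SALT_LEN + hashlib.sha512().digest_size)   # 136
BODY_RE = re.compile(r"[0-9A-Fa-f]{%d}" % HEX_LEN)


def parse_lion(field):
    """Split a hash field, with or without $LION$, into (salt, digest)."""
    body = field[len(PREFIX):] if field.startswith(PREFIX) else field
    # Length and charset are the only markers once the prefix is missing,
    # so check both strictly instead of trusting a lenient hex decoder.
    if not BODY_RE.fullmatch(body):
        raise ValueError("expected exactly %d hex characters" % HEX_LEN)
    raw = bytes.fromhex(body)
    return raw[:SALT_LEN], raw[SALT_LEN:]


def normalize(line):
    """Rewrite 'user:hash' (or a bare hash) into the prefixed, lowercase form."""
    user, sep, field = line.strip().rpartition(":")
    salt, digest = parse_lion(field)
    return user + sep + PREFIX + (salt + digest).hex()


def verify(field, password):
    """Check a password, assuming digest = SHA-512(salt || password)."""
    salt, digest = parse_lion(field)
    candidate = hashlib.sha512(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, digest)


# Constructed sample (not a real account): fixed salt, made-up password.
_SALT = bytes.fromhex("0a1b2c3d")
SAMPLE_HEX = (_SALT + hashlib.sha512(_SALT + b"example-passphrase").digest()).hex()

if __name__ == "__main__":
    print(normalize("alice:" + SAMPLE_HEX.upper()))
    print(verify(PREFIX + SAMPLE_HEX, "example-passphrase"))
```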