Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 25 Aug 2012 23:31:38 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: Is there any patch to crack MySQL Network auth?

This code is now in magnum-jumbo (jumbo-unstable tree), and needs to be
pushed into magnum-bleeding.   This was a rather large amount of code
change.  It was my belief that we were locking down j6-fixes tree (jumbo-7)
to fixes, so the code has not been targeted to that build.  But the ability
to do things like 'raw' multiple crypts on the larger hashes within dynamic
is now possible.

Jim.

>Sent: Wednesday, August 22, 2012 2:56 PM
>
>Jim -
>
>On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote:
>> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote:
>> > Need to brute that:
>> > SHA1(salt + SHA1(SHA1($password)))
>>
>> I guess you could use dynamic for that (doc/DYNAMIC in jumbo).
>
>I briefly looked into implementing this as a dynamic, however we appear
>to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6).
>Specifically, I couldn't find a way to reuse raw (as opposed to
>hex-encoded) output of SHA-1 for another SHA-1 computation.
>
>Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that
>this is not currently possible (and make it possible in a later
>version).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.