Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Dec 2015 19:24:46 -0600
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com, ls@...r.so
Subject: Re: QNX Neutrino 6.6.0 password hashes

Hmm, it looks to me like QNX sha512 is broken. Look at this newer page

https://moar.so/tmp/qnx_sha512_broken.txt

So, the first 11 iterations (salt + 12 words) works. The total length of 
the string is 112 bytes. 112 bytes 'should' be the first hash which 
requires 2 limbs of sha512. It does work, but when another 'password' is 
appended (now 120 bytes), the hash returned is no longer correct.

To me, this appears to be a broken core crypto sha512 function within QNX.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ