Date: Wed, 15 Jun 2011 22:44:47 +0200
From: magnum <>
Subject: Even more mscash & mscash2 fixes

Just posted john-1.7.7-jumbo-6-more-mscash-fixes.diff.gz to the wiki, 
with the following for mscash & mscash2:

* 8-bit self-tests for normal mode as well as --utf8, also including 
nullstring and max length of salt [see below]
* Lowercasing of salts
* Unicode length check of salt and reject in valid() if too long
* (mscash2 only) Replaced a binary salt_len check in set_salt() that 
lacked error handling and caused crashes (apart from being redundant)

Still, there is a major problem in mscash2: As far as I can tell, the 
maximum supported salt length is supposed to be 19 characters. Unless my 
generator script is to blame, John fails to crack any hash with a salt 
longer than 8 characters. The self-test I included with saltlen 19 is 
currently commented out. Unless this is fixed, the max length check in 
valid() should really be decreased from 19 to 8.

Is the original author, S3nf, a subscriber here? From what I can tell, 
the problem is in the PBKDF2 - the other stuff exists in mscash and 
works fine with up to 19 characters.

BTW here is how I create test hashes:

use Encode;
use Digest::MD4 qw(md4 md4_hex);
use Crypt::PBKDF2;
sub mscash2 {
        # max username (salt) length is supposed to be 19 characters (in 
        # max password length is 27 characters (in John)
        # the algorithm lowercases the salt
        my $user = randusername(5);
        $salt = encode("UTF-16LE", lc($user));
        my $pbkdf2 = Crypt::PBKDF2->new(
                hash_class => 'HMACSHA1',
                iterations => 10240,
                output_len => 16,
                salt_len => length($salt),
        # Crypt::PBKDF2 hex output is buggy, we do it ourselves!
        print "$user:", unpack("H*", 
        ":$u:0:$_[0]:mscash2 (user name required for salt in john's 

I am NOT 100% sure this salt length problem is not actually a problem 
with Crypt::PBKDF2. Other stupid bugs exist in it. But I have failed to 
g00gle test hashes and I have no Vista/2008/Win7 gear to make real test 
hashes. If anyone can confirm this hash:


is a valid DCC2 hash for password "password" and 10240 iterations, it 
would confirm my test script is OK.

