Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Jun 2011 18:35:22 +0200
From: magnum <>
Subject: Re: Even more mscash & mscash2 fixes

On 2011-06-15 22:44, magnum wrote:
> Still, there is a major problem in mscash2: As far as I can tell, the 
> maximum supported salt length is supposed to be 19 characters. Unless 
> my generator script is to blame, John fails to crack any hash with a 
> salt longer than 8 characters. The self-test I included with saltlen 
> 19 is currently commented out. Unless this is fixed, the max length 
> check in valid() should be really be decreased from 19 to 8.
> Is the original author, S3nf, a subscriber here? From what I can tell, 
> the problem is in the PBKDF2 - the other stuff exists in mscash and 
> works fine with up to 19 characters.
> I am NOT 100% sure this salt length problem is not actually a problem 
> with Crypt::PBKDF2. Other stupid bugs exist in it. But I have failed 
> to g00gle test hashes and I have no Vista/2008/Win7 gear to make real test

I have now confirmed my test files are correct, the format is buggy. I 
cc'd s3nf in case he's not on this list.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.