Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Jan 2012 18:29:29 -0500
From: Rich Rumble <>
Subject: Re: Jumbo future

On Mon, Jan 23, 2012 at 5:00 PM, Solar Designer <> wrote:
> On Mon, Jan 16, 2012 at 02:35:31AM +0100, magnum wrote:
>> On 01/16/2012 12:12 AM, Solar Designer wrote:
>> > Here's one more: Drupal 7 uses a revision of phpass with MD5 replaced
>> > with SHA-512 and hashes cut at 258 bits (yes, 258 - that's a multiple of 6).
>> > These hash encodings use the $S$ prefix.  Perhaps we should support them.
>> I'll add this, and other things you mentioned earlier, to the wiki
>> wish-list.
> Thanks.  Here's one more to add: it'd be nice for JtR to support SIP
> challenge/responses, essentially integrating SIPcrack into JtR:
I couldn't find where it's be discussed before, but M$ Office password
support would be nice. The password to OPEN a file in particular. This
is a weak 40-bit RC4 (Office 97-2000 and Office XP), it was the default
and in many of the office suites only encryption available. There is a
brute-force method, and there is a key exhaustion method since the key
space is limited. The key exhaustion would be a "guaranteed" method
of recovery, might not be 100% but should be as close as one could hope.
I can try to locate where the passwords are and how to extract, then it
might just be a case of cracking them. I'm not sure about the exhaustion
method though, and how to use that key once found.
VelvetSweatshop being the generated key.

PST files if I recall have many collisions due to use crc32 (a? b?) and since
we have some CRC code already perhaps it's more of a question of extraction
than making a new module.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.