Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 28 Jun 2012 22:04:26 +0200
From: Frank Dittrich <>
Subject: Re: Change episerver format name?

On 06/28/2012 09:43 PM, Per Thorsheim wrote:
> Hashcat and JtR currently refers to the name 'episerver', based on old & deprecated format in john, as well as the new format based on work @ hashcat forum & this list.
> After the latest blog post from Troy Hunt (, I think it should be renamed into something like MSNET-SHA1. After all episerver uses whatever .NET has been configured to use, which could be sha1, sha2-*, pbkdf2 etc. Episerver by itself doesn't have any password algorithms.
> Best regards,
> Per Thorsheim

I vaguely remember suggesting a rename as well, but I didn't have a good

If we rename it, we'd need to adjust the run/benchmark-unify script as well.

$ grep -i epi benchmark-unify
EPiServer SID Hashes	EPiServer SID salted SHA-1

Each of these 2 names must be mapped to the new name.
What worries me is that episerver_fmt_plug.c actually supports 2
formats, one using SHA-1, the other SHA256, but the test vectors are
only for SHA-1.

So may be we even need to split this into 2 formats?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.