Date: Fri, 29 Jun 2012 11:32:40 +0200 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Re: RE: Change episerver format name? On 06/29/2012 11:10 AM, atom@...hcat.net wrote: > Hey Guys, > > we can do that, but in this case the signature in the hash should > change, too. > > Currently the algorithm used is configured by the attribute following > the signature. So it would make more sense to rename it from $episerver$ > to $msnet$ not $msnet-sha1$ > > The hash would change from: > > $episerver$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword > > to: > > $msnet$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword The format could be made to recognize $episerver$*0* as well, but store new cracked hashes as $msnet$*0* BTW: Shouldn't the 0 be changed to something else? Otherwise, it might be confused with PasswordFormat = 0 which means Plaintext, according to http://msdn.microsoft.com/en-us/library/aa478949.aspx (Whatever 1 = Hashed and 2 = Encrypted mean. Will 1 = Hashed be used both for SHA-1 and SHA-256?) Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.