Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jun 2012 11:32:40 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: RE: Change episerver format name?

On 06/29/2012 11:10 AM, atom@...hcat.net wrote:
> Hey Guys,
> 
> we can do that, but in this case the signature in the hash should
> change, too.
> 
> Currently the algorithm used is configured by the attribute following
> the signature. So it would make more sense to rename it from $episerver$
> to $msnet$ not $msnet-sha1$
> 
> The hash would change from:
> 
> $episerver$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword
> 
> to:
> 
> $msnet$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword

The format could be made to recognize $episerver$*0* as well, but store
new cracked hashes as $msnet$*0*

BTW: Shouldn't the 0 be changed to something else?
Otherwise, it might be confused with PasswordFormat = 0 which means
Plaintext, according to
http://msdn.microsoft.com/en-us/library/aa478949.aspx
(Whatever 1 = Hashed and 2 = Encrypted mean. Will 1 = Hashed be used
both for SHA-1 and SHA-256?)

Frank


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.