Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jun 2012 11:32:40 +0200
From: Frank Dittrich <>
Subject: Re: RE: Change episerver format name?

On 06/29/2012 11:10 AM, wrote:
> Hey Guys,
> we can do that, but in this case the signature in the hash should
> change, too.
> Currently the algorithm used is configured by the attribute following
> the signature. So it would make more sense to rename it from $episerver$
> to $msnet$ not $msnet-sha1$
> The hash would change from:
> $episerver$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword
> to:
> $msnet$*0*fGJ2wn/5WlzqQoDeCA2kXA==*zycIUapZz/v84FF93rAWDlCA3x8=:testPassword

The format could be made to recognize $episerver$*0* as well, but store
new cracked hashes as $msnet$*0*

BTW: Shouldn't the 0 be changed to something else?
Otherwise, it might be confused with PasswordFormat = 0 which means
Plaintext, according to
(Whatever 1 = Hashed and 2 = Encrypted mean. Will 1 = Hashed be used
both for SHA-1 and SHA-256?)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.