Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 9 Jul 2012 13:37:14 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: request for new dynamic subformats

This patch should get the first 2 formats in.  I have not done the new files
for the TS yet.  This patch should probably put in all branches.

Here are pass_gen.pl lines I am using, to build test strings, for anyone
wanting to learn more about that tool.

./pass_gen.pl  'dynamic=num=35,format=sha1($u.$c1.$p),usrname=uc,const1=:'
and
./pass_gen.pl  'dynamic=num=36,format=sha1($u.$c1.$p),usrname=true,const1=:'

ManGOS will be dynamic_35 and ManGOS2 will be dynamic_36.  The only
questions I have are the 'strtoupper' in dyna_35.  Are we going to have
encoding issues here?  I am hopeful that dynamic has taken this into
account, but I will have to audit it, to make 'sure' (the same will be for
the strlower in the 3rd type).

Now, I have questions for type #3 and #4.  In these, they are a full SHA,
but only a truncation gets stored to the file?  Is that truncation the first
part of the SHA string, or the last?

Jim.

>From: Dhiru Kholia
>1. SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)
>Works for all private server projects that use the same hashing
>method: trinity, ascent and others.
>
>2. SHA-1(ManGOS2) = sha1($username.':'.$pass) # already supported?
>
>3. sha1(strtolower($username).$pass)
>Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
>Used in SMF.
>Length: 20 bytes.
>
>4. sha1($salt.sha1($salt.sha1($pass))) # thick format already exits
>Used in Woltlab BB.
>Length: 20 bytes.

Download attachment "JtR-New-Dynamic-35-36-SHA-types.diff" of type "application/octet-stream" (3992 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.