Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 9 Jul 2012 13:37:14 -0500
From: "jfoug" <>
To: <>
Subject: RE: request for new dynamic subformats

This patch should get the first 2 formats in.  I have not done the new files
for the TS yet.  This patch should probably put in all branches.

Here are lines I am using, to build test strings, for anyone
wanting to learn more about that tool.

./  'dynamic=num=35,format=sha1($u.$c1.$p),usrname=uc,const1=:'
./  'dynamic=num=36,format=sha1($u.$c1.$p),usrname=true,const1=:'

ManGOS will be dynamic_35 and ManGOS2 will be dynamic_36.  The only
questions I have are the 'strtoupper' in dyna_35.  Are we going to have
encoding issues here?  I am hopeful that dynamic has taken this into
account, but I will have to audit it, to make 'sure' (the same will be for
the strlower in the 3rd type).

Now, I have questions for type #3 and #4.  In these, they are a full SHA,
but only a truncation gets stored to the file?  Is that truncation the first
part of the SHA string, or the last?


>From: Dhiru Kholia
>1. SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)
>Works for all private server projects that use the same hashing
>method: trinity, ascent and others.
>2. SHA-1(ManGOS2) = sha1($username.':'.$pass) # already supported?
>3. sha1(strtolower($username).$pass)
>Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
>Used in SMF.
>Length: 20 bytes.
>4. sha1($salt.sha1($salt.sha1($pass))) # thick format already exits
>Used in Woltlab BB.
>Length: 20 bytes.

Download attachment "JtR-New-Dynamic-35-36-SHA-types.diff" of type "application/octet-stream" (3992 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.