Date: Mon, 09 Jul 2012 23:02:41 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: request for new dynamic subformats Committed to magnum-jumbo and downstream. Actually I guess we could put it in -fixes too, no? magnum On 2012-07-09 20:37, jfoug wrote: > This patch should get the first 2 formats in. I have not done the new files > for the TS yet. This patch should probably put in all branches. > > Here are pass_gen.pl lines I am using, to build test strings, for anyone > wanting to learn more about that tool. > > ./pass_gen.pl 'dynamic=num=35,format=sha1($u.$c1.$p),usrname=uc,const1=:' > and > ./pass_gen.pl 'dynamic=num=36,format=sha1($u.$c1.$p),usrname=true,const1=:' > > ManGOS will be dynamic_35 and ManGOS2 will be dynamic_36. The only > questions I have are the 'strtoupper' in dyna_35. Are we going to have > encoding issues here? I am hopeful that dynamic has taken this into > account, but I will have to audit it, to make 'sure' (the same will be for > the strlower in the 3rd type). > > Now, I have questions for type #3 and #4. In these, they are a full SHA, > but only a truncation gets stored to the file? Is that truncation the first > part of the SHA string, or the last? > > Jim. > >> From: Dhiru Kholia >> 1. SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass) >> Works for all private server projects that use the same hashing >> method: trinity, ascent and others. >> >> 2. SHA-1(ManGOS2) = sha1($username.':'.$pass) # already supported? >> >> 3. sha1(strtolower($username).$pass) >> Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a >> Used in SMF. >> Length: 20 bytes. >> >> 4. sha1($salt.sha1($salt.sha1($pass))) # thick format already exits >> Used in Woltlab BB. >> Length: 20 bytes.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.