Date: Mon, 23 Jul 2012 12:46:15 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: mscash2 / hmac-md5 ambiguity On 2012-07-23 11:47, Alexander Cherepanov wrote: > mscash2 hashes in their canonical form are nevertheless accepted as > hmac-md5: > > $ cat mscash2.john > chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff > $ john mscash2.john > Warning: detected hash type "mscash2", but the string is also recognized > as "hmac-md5" > Use the "--format=hmac-md5" option to force loading these as that type > instead > Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1 > [128/128 SSE2 intrinsics 8x]) > guesses: 0 time: 0:00:00:02 0.00% (2) c/s: 339 trying: 123456 - abc123 > Session aborted > $ john --format=hmac-md5 mscash2.john > Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x]) > guesses: 0 time: 0:00:00:02 0.00% (3) c/s: 1120K trying: 123man - 123mah > Session aborted > > IMHO that's not very good. It was much worse until we forced hmac-md5 to lower precedence than mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash, with a salt of "$DCC2$10240#chatelain". We can stop this by black-listing certain format salts. That's OK with me but in some way it's a flawed path. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.