Date: Mon, 23 Jul 2012 12:55:13 +0200 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Re: mscash2 / hmac-md5 ambiguity On 07/23/2012 12:46 PM, magnum wrote: > On 2012-07-23 11:47, Alexander Cherepanov wrote: >> mscash2 hashes in their canonical form are nevertheless accepted as >> hmac-md5: >> >> $ cat mscash2.john >> chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff >> $ john mscash2.john >> Warning: detected hash type "mscash2", but the string is also recognized >> as "hmac-md5" >> Use the "--format=hmac-md5" option to force loading these as that type >> instead >> Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1 >> [128/128 SSE2 intrinsics 8x]) >> guesses: 0 time: 0:00:00:02 0.00% (2) c/s: 339 trying: 123456 - abc123 >> Session aborted >> $ john --format=hmac-md5 mscash2.john >> Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x]) >> guesses: 0 time: 0:00:00:02 0.00% (3) c/s: 1120K trying: 123man - 123mah >> Session aborted >> >> IMHO that's not very good. > > It was much worse until we forced hmac-md5 to lower precedence than > mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash, > with a salt of "$DCC2$10240#chatelain". We can stop this by > black-listing certain format salts. That's OK with me but in some way > it's a flawed path. hmac-md5 doesn't have the "split() method unifies case" flag set, but mscash2 has. could we change that in a way that one format uses uppercase, the other lowercase? Or would breaking backwards compatibility hurt too much? If hmac-md5 is less likely to be cracked with john, we could convert that one to upper case hex, and drop the flag from mscash2. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.