Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 27 Jul 2012 02:51:59 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: mscash2 / hmac-md5 ambiguity

On 2012-07-26 02:39, Frank Dittrich wrote:
> On 07/26/2012 12:17 AM, Alexander Cherepanov wrote:
>> On 2012-07-24 01:36, Alexander Cherepanov wrote:
>>> For now I see the following:
>>>
>>> canonical is accepted as
>>>
>> BTW which formats are for the same type of hashes? For example, nt and
>> nt2 are for the same hashes. But what about raw-md5 and dynamic_0?
>> phpass and dynamic_17? etc.
>
> You could check the test cases of the format's self test.
> If these are the same formats, they usually also have the same self
> tests (exception would be a test which would fail because one
> implementation supports a smaller maximum password length.

Thanks for an idea.

> (For dynamic_10NN, the test cases are in the config file dynamic.conf.)
>
> BTW: Some formats which currently collide with other formats could get a
> changed canonical representation. At least those which av an individual
> conversion script or routine:
>
> $ ls -l *2john*

Any canonical form which differs from a form ITW can theoretically be 
corrected.

> These formats could still support the old format. But the sequence of
> format registration might need to be changed in case they grab hashes
> which are the canonical form of another format.
>
> But that is certainly stuff to be checked after the contest.

Sure.

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.