Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Aug 2012 10:09:31 -0500
From: "jfoug" <>
To: <>
Subject: RE: SRP

I am not sure of the leak. I have seen no 'real' hashes.


But from reading some of the blogs/posts, and making some assumptions, I
have put this together.  I also have a JtR plug format. It is not fast, only
get about 17k / core (older Core2).  The bottleneck is GMP. It is fast in a
general purpose way, but things could certainly be faster.


Here is the perl script that will build hashes which 'match' the plug
format. At this time, I am hesitant to release this, since we really do not
know if this is correct, or if these hashes are really ITW.


Some 'assumptions' I have made:


Username data uppercased.

Password uppercased.


Salt has no case change made (just put into hex, so any value can be


Format is:




#!/usr/bin/perl -w

use strict;

use Math::BigInt;

use Digest::SHA qw(sha1);


my @chrAsciiTextNumUnder=('a'..'z','A'..'Z','0'..'9','_');

my @userNames = (

        "admin", "root", "bin", "Joe", "fi15_characters", "Babeface",
"Herman", "lexi Conrad", "jack", "John", "sz110",

        "fR14characters", "Thirteenchars", "Twelve_chars", "elev__chars",
"teN__chars", "six16_characters",

        "ninechars", "eightchr", "sevench", "barney", "C0ffee", "deadcafe",
"user", "01234", "nineteen_characters",

        "eight18_characters", "seven17characters", "u1", "harvey", "john",
"ripper", "a", "Hank", "1", "u2", "u3",

        "2", "3", "usr", "usrx", "usry", "skippy", "Bing", "Johnson",
"addams", "anicocls", "twentyXXX_characters",

        "twentyoneX_characters", "twentytwoXX_characters");


sub randstr {

        my @chr = @chrAsciiTextNumUnder;

        my $s;

        foreach (1..$_[0]) {

                $s.=$chr[rand @chr];


        return $s;


sub randusername {

        my $num = shift;

        my $user = $userNames[rand @userNames];

        if (defined($num) && $num > 0) {

                while (length($user) > $num) {

                        $user = $userNames[rand @userNames];



        return $user;



sub wow_srp {

        my $salt=randstr(16);

        my $usr = uc randusername();


        my $h = sha1($usr,":",uc $_[0]);

        $h = sha1($salt, $h);


        # turn $h into a hex, so we can load it into a BigInt

        $h = "0x" . unpack("H*", $h);


        # perform exponentation.

        my $base = Math::BigInt->new(47);

        my $exp = Math::BigInt->new($h);

        my $mod =

        $h = $base->bmodpow($exp, $mod);


        # convert h into upper cased hex  (also salt gets converted into
upcased hex)

        $h = uc substr($h->as_hex(), 2);


        print "wow_srp:\$WoWSRP\$$h\$", uc unpack("H*", $salt),
"*$usr:0:0:", uc $_[0], "::\n";



wow_srp $ARGV[0]



From: Francois Pesce [] 




Just FYI, because you missed a response from epixoip on IRC:

04:46 <@solardiz> why did blizzard warn their users if no data actually

05:05 -!- solardiz [] has quit [Quit: Leaving]


11:28 < epixoip> blizzard database hasn't been leaked as far as anyone
knowns. seems like blizzard noticed it through log review, artifacts,
whatever then disclosed it. wasn't discovered through a leak.

11:31 < epixoip> solardiz, regarding "why did blizzard warn their users if
no data actually leaked" -- in the US we have data breach laws which state
that if you have reason to believe that any personal information has been
compromised you must notify the public


We are all speculating here, this is the problem with US companies & their
press people (other example: does anyone here know how exactly LinkedIn was
compromised? 1M $ in forensics and the journalists keep saying it's a simple
SQLi problem, I've not seen any official communication from LinkedIn on this
subject : ).


Thank you very much Dhiru for the link. I'm still amazed by the work of the
reverse engineers that tried to develop private server and had to deal with
all these authentication problems.




On Fri, Aug 10, 2012 at 11:27 PM, Dhiru Kholia <>

On Sat, Aug 11, 2012 at 10:05 AM, Solar Designer <> wrote:
> On Sat, Aug 11, 2012 at 06:26:37AM +0400, Solar Designer wrote:
>> SHA-1's (or whatever hash Blizzard used)
> Apparently, it's in fact SHA-1:

I have read that 2.0 uses SHA-256.



Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.