Date: Mon, 17 Sep 2012 03:41:10 +0400
From: Alexander Cherepanov <>
Subject: Re: Cracking Mountain Lion hashes (WIP)

On 2012-09-10 20:48, Dhiru Kholia wrote:
>> which your code doesn't seem to accommodate for. Don't know how
>> popular it is and whether it's worth supporting.
> It is not my code ;). Lukas wrote it. 

Yes, my mail should have been addressed to Lukas, sorry for the confusion.

> I can see if this can be fixed easily.

It would be great to at least fix a buffer overflow on overly long salts.

> Lukas,
> Any comments? I think we already calculate variables salt's length
> correctly. We just need to apply the same code to actual hash string.
> Correct?

To really start working with long hashes one needs to decide how to store
it -- to move the limit on salt length to another arbitrary value, to use
dynamic memory for it or something. I'm not sure which way is better.

>> 3. Just found that passlib supports plain pbkdf2_sha512 (in
>> addition to grub_pbkdf2_sha512). It looks like this:
>> '$pbkdf2-sha512$6400$Y2wNgZByDgGgFEIIYay1Ng$y2Epfl7fAwx7v.Zw9hNnEKCfGmWvFZoF.dQMfjhjnM.sSmDI7yXRe8JcqrdPdf5nbFEgMBWSY2cPW1stdtD3oA'
> Is this output format used by some real application? If yes, then we
> will have to add support for it at some point. Thanks again.

I don't know, probably not.

Alexander Cherepanov
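
The overflow and storage question raised in this message, worked through on the passlib-style string quoted above, as an added example (not code from John the Ripper or from anyone in the thread). It keeps a fixed salt buffer and rejects a longer salt before writing a single byte; `SALT_MAX`, the struct and the function names are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>
#define SALT_MAX 64   /* assumed limit for this example, not JtR's value */
#define HASH_LEN 64   /* SHA-512 digest size in bytes */
struct pbkdf2_hash {
    unsigned long rounds;
    size_t salt_len;
    unsigned char salt[SALT_MAX], hash[HASH_LEN];
};

/* Decode n chars of passlib's adapted base64 ('.' for '+', no padding).
 * Returns decoded length, or -1 on a bad char or if it would exceed cap. */
static long ab64_decode(const char *in, size_t n, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
    size_t i, o = 0, rem = n % 4;
    unsigned acc = 0, bits = 0;
    const char *p;
    if (rem == 1 || n / 4 * 3 + (rem ? rem - 1 : 0) > cap)
        return -1;              /* size check runs before any write */
    for (i = 0; i < n; i++) {
        if (!in[i] || !(p = strchr(tbl, in[i])))
            return -1;
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8)
            out[o++] = (unsigned char)(acc >> (bits -= 8));
    }
    return (long)o;
}

/* Parse "$pbkdf2-sha512$<rounds>$<salt>$<checksum>"; 0 on success, -1 if
 * malformed or if the salt does not fit in SALT_MAX bytes. */
int parse_pbkdf2_sha512(const char *s, struct pbkdf2_hash *h)
{
    static const char tag[] = "$pbkdf2-sha512$";    /* 15 characters */
    const char *salt, *sum;
    char *end;
    long n;

    if (strncmp(s, tag, sizeof(tag) - 1) || s[15] < '1' || s[15] > '9')
        return -1;
    h->rounds = strtoul(s + 15, &end, 10);
    if (*end != '$' || !(sum = strchr(salt = end + 1, '$')))
        return -1;
    if ((n = ab64_decode(salt, (size_t)(sum - salt), h->salt, SALT_MAX)) < 0)
        return -1;
    h->salt_len = (size_t)n;
    return ab64_decode(sum + 1, strlen(sum + 1), h->hash, HASH_LEN) == HASH_LEN ? 0 : -1;
}
```

Switching to dynamic memory would only change where the decoded salt lands; the length would still have to be computed and checked before the copy.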
