Date: Mon, 21 Jan 2013 01:02:36 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: salt_hash // Public domain hash function by DJ Bernstein

On 21 Jan, 2013, at 0:29 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> Another candidate to create a commonly used function to common.h (adding
> a parameter for SALT_SIZE), and reuse it? Or should it be moved
> somewhere else?
>
> $ git grep -A 1 Bernstein|grep -v -- --
> (...)

You mean something like:

void *hash(void *input, int *len);

With output aligned at ARCH_WORD and not assuming alignment for input, it could be usable for many formats.

> I guess this is stuff that can wait until the next jumbo version is
> released.

Definitely. I added that Bernstein hash function to JtR and tweaked it (there are numerous variants with subtle differences) and verified it for a couple of formats. For very short lengths, some hash functions are better than others. We are sometimes hashing some kind of binary data, sometimes ASCII (e.g. usernames) and sometimes UTF-16 (likely with half of the octets being zero). So a shared function might not suit all uses.

BTW, some formats have a seriously skewed salt distribution. MSSQL is one, I have a feeling there is a timestamp involved. Obviously, a 32-bit binary salt like that one does not need a hash function if it's really random - you could just return 12 bits from it as-is. But using this hash function we got a whole lot better spread. I think that was where this Bernstein function was introduced first.

magnum
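
The effect described in the message above, as an added example that is not part of the original post and not JtR's code: it compares taking 12 bits of a 32-bit salt as-is with running the salt through a Bernstein hash first. Assumptions: the h*33 + c variant with seed 5381 (JtR's tweaked version may differ), hypothetical function names, and a constructed skewed salt set in which only the upper 16 bits vary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUCKETS (1u << 12)   /* 12-bit salt hash, as in the message */

/* One common Bernstein variant (h = h*33 + c, seed 5381); an assumption,
 * not JtR's tweaked version. Reads bytewise, so no input alignment needed. */
static uint32_t djb_hash(const unsigned char *p, size_t len)
{
    uint32_t h = 5381;
    while (len--)
        h = (h << 5) + h + *p++;
    return h;
}

/* "Just return 12 bits from it as-is": the low 12 bits of the salt. */
static unsigned bucket_raw(uint32_t salt) { return salt & (BUCKETS - 1); }

static unsigned bucket_hashed(uint32_t salt)
{
    /* Serialize little-endian so the result is the same on every host. */
    unsigned char b[4] = { (unsigned char)salt, (unsigned char)(salt >> 8),
                           (unsigned char)(salt >> 16), (unsigned char)(salt >> 24) };
    return djb_hash(b, sizeof(b)) & (BUCKETS - 1);
}

/* Count distinct buckets hit by n salts of the form base + i*step. */
static unsigned buckets_used(unsigned (*bucket)(uint32_t), uint32_t base,
                             uint32_t step, unsigned n)
{
    unsigned char seen[BUCKETS];
    unsigned i, used = 0;
    memset(seen, 0, sizeof(seen));
    for (i = 0; i < n; i++) {
        unsigned b = bucket(base + i * step);
        used += !seen[b];
        seen[b] = 1;
    }
    return used;
}

int main(void)
{
    /* Constructed skew: low 16 bits fixed at 0x1234, upper bits count up. */
    printf("raw:    %u\n", buckets_used(bucket_raw, 0x1234u, 0x10000u, 1000));
    printf("hashed: %u\n", buckets_used(bucket_hashed, 0x1234u, 0x10000u, 1000));
    return 0;
}
```

With this constructed input the raw low bits put all 1000 salts in one bucket, while the hashed value gives each salt its own bucket.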