Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Feb 2013 03:12:01 +0100
From: magnum <>
Subject: Re: AIX password hashes

On 16 Feb, 2013, at 2:28 , Frank Dittrich <> wrote:

> On 02/16/2013 12:32 AM, magnum wrote:
>> I have a feeling the "hard" part of figuring out the AIX hashes is to establish the exact encoding scheme. 
> I think there is also some broken magic used. Without reverse
> engineering he algorithm, more samples might help,
> In addition to the ones in
> we might need some more.
> First, a
> ./AIXtest ... | wc -l

I believe this will just produce 100,000 DES hashes with random salt.

> Then, the may be the top 100 hashes of those broken formats, but not
> just the ones which have a '...' sequence in the hash.
> ...

I think we're looking at the simplest algorithm you can imagine (iterate 2^N over pass.salt) and the only real obstacle is the encoding. I can't imagine any more test that would help. The {smd5} timings are curious though. I think they indicate it could be pretty much like normal crypt MD5.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.