Date: Sat, 16 Mar 2013 17:28:06 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cisco - Password type 4 - SHA256

On 03/16/2013 02:54 PM, Dhiru Kholia wrote:
> On Sat, Mar 16, 2013 at 5:48 PM, Sc00bz64@...oo.com <sc00bz64@...oo.com> wrote:
>> Yeah so I released code on #openwall http://pastebin.com/1yCLwyVY
>
> Thanks.
>
> I have made a crappy format for this,
> https://github.com/kholia/JohnTheRipper/tree/cisco-type-4

Your implementation uses PLAINTEXT_LENGTH 125.
Is the max. length supported by Cisco documented somewhere, or can you
test it?
E.g., use a password of length 128, then try the 64 leading characters,
see if the hash differs or not, and find out the correct length applying
a binary search...

Also, can you make sure the algorithm really distinguishes upper and
lower case characters?
What about trying some non-ASCII characters?
You specified FMT_8_BIT, so you should verify that those characters are
not "truncated" to 7 bits (or even converted to UTF-8).

> Ideally, one time base64 decoding should be used instead of repetitive
> base64 encoding.

Right.
The valid() implementation could need additional checks.

Frank
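
The length, case and 8-bit checks suggested in the message above, as an added example that is not part of the original message or of John the Ripper. `Oracle` is a hypothetical callable that sets a password on the system under test and returns the resulting hash; the two `sim_*` functions are constructed stand-ins whose limit of 25 bytes and 7-bit stripping are invented for the demonstration and say nothing about Cisco's behaviour.

```python
import hashlib
from typing import Callable

# Hypothetical interface: password bytes in, hash produced by the system
# under test out. On a real test this wraps "set password, read hash back".
Oracle = Callable[[bytes], bytes]


def max_significant_length(oracle: Oracle, upper: int = 128) -> int:
    """Number of leading bytes that influence the hash.

    A result equal to `upper` means no truncation was seen up to `upper`.
    """
    # Printable ASCII only, so 8-bit handling cannot disturb the length test.
    probe = bytes(0x21 + (i % 94) for i in range(upper))
    full = oracle(probe)
    lo, hi = 1, upper            # invariant: oracle(probe[:hi]) == full
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(probe[:mid]) == full:
            hi = mid             # prefix hashes the same: limit <= mid
        else:
            lo = mid + 1         # prefix too short: limit > mid
    return hi


def is_case_sensitive(oracle: Oracle) -> bool:
    return oracle(b"Probe") != oracle(b"PROBE")


def keeps_high_bit(oracle: Oracle) -> bool:
    """False if 0xE9 hashes like 0x69, i.e. bit 7 is cleared before hashing."""
    return oracle(b"caf\xe9") != oracle(b"caf\x69")


# Constructed stand-ins for the system under test (not Cisco behaviour).
def sim_truncating(pw: bytes) -> bytes:
    return hashlib.sha256(pw[:25]).digest()


def sim_7bit_caseless(pw: bytes) -> bytes:
    return hashlib.sha256(bytes(b & 0x7F for b in pw).lower()).digest()


if __name__ == "__main__":
    for dev in (sim_truncating, sim_7bit_caseless):
        print(dev.__name__, max_significant_length(dev),
              is_case_sensitive(dev), keeps_high_bit(dev))
```

The binary search needs about seven oracle calls for an upper bound of 128, which matters when each call means configuring a password on a device by hand.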