Date: Sun, 24 Apr 2016 17:50:53 +0300 From: Aleksey Cherepanov <lyosha@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: XenForo algorithm and dynamic formats On Sun, Apr 24, 2016 at 04:36:25PM +0200, Eddy wrote: > a guy requested on hashcat github an implementation of XenForo encryption > scheme, which follows this: > > sha1(hexdigest (sha1(password)) . hexdigest(salt)) > sha256(hexdigest (sha256(password)) . hexdigest(salt)) > > These schemes could easily be implemented using dynamic so I was wondering They are already implemented: dynamic_1503 sha256(sha256($p).$s) (XenForo SHA-256) dynamic_1502 sha1(sha1($p).$s) (XenForo SHA-1) $ run/john --list=format-details | grep -i xenforo > if there is any perticular will of the team whether to implement proper > formats for this kind of encryption schemes or to only rely on dynamic > formats (thus less performances) In the scheme with sha256, sha256($p) may be lifted from loop over salts because the result is in hex and is long exactly as input block for sha256. I guess Jim's current dynamics does not catch such case, but it may be worth to improve it there instead of new format. More comments? Thanks! -- Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.