Date: Sun, 24 Apr 2016 17:50:53 +0300
From: Aleksey Cherepanov <>
Subject: Re: XenForo algorithm and dynamic formats

On Sun, Apr 24, 2016 at 04:36:25PM +0200, Eddy wrote:
> a guy requested on hashcat github an implementation of XenForo encryption
> scheme, which follows this:
> sha1(hexdigest (sha1(password)) .  hexdigest(salt))
> sha256(hexdigest (sha256(password)) .  hexdigest(salt))
> These schemes could easily be implemented using dynamic so I was wondering

They are already implemented:

dynamic_1503	sha256(sha256($p).$s) (XenForo SHA-256)
dynamic_1502	sha1(sha1($p).$s) (XenForo SHA-1)

$ run/john --list=format-details | grep -i xenforo

> if there is any particular will of the team whether to implement proper
> formats for this kind of encryption schemes or to only rely on dynamic
> formats (thus less performances)

In the scheme with sha256, sha256($p) may be lifted from the loop over
salts because the result is in hex and is exactly as long as the input
block for sha256. I guess Jim's current dynamics does not catch such a
case, but it may be worth improving it there instead of adding a new format.

More comments?


Aleksey Cherepanov
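
Added example, not part of the original message and not John the Ripper's code: the two schemes as listed for dynamic_1502/dynamic_1503, plus the per-candidate lifting described above for the sha256 case. It assumes the salt is appended as the stored byte string; all names and sample values are constructed for illustration.

```python
import hashlib

def xenforo(algo: str, password: bytes, salt: bytes) -> str:
    """Reference form: H(hex(H($p)) . $s), recomputed in full for each salt."""
    inner_hex = hashlib.new(algo, password).hexdigest().encode("ascii")
    return hashlib.new(algo, inner_hex + salt).hexdigest()

def inner_fills_block(algo: str) -> bool:
    """True when hex(H($p)) is exactly one input block of H."""
    h = hashlib.new(algo)
    # sha256: 2 * 32 == 64 (one full block); sha1: 2 * 20 == 40 < 64.
    return 2 * h.digest_size == h.block_size

class LiftedCandidate:
    """Work that depends only on the password, done once per candidate."""

    def __init__(self, algo: str, password: bytes):
        inner_hex = hashlib.new(algo, password).hexdigest().encode("ascii")
        # Hash state after absorbing hex(H($p)). hashlib's copy() stands in
        # for the saved midstate a native implementation would keep.
        self._state = hashlib.new(algo, inner_hex)

    def with_salt(self, salt: bytes) -> str:
        h = self._state.copy()   # reuse the state, do not rehash the prefix
        h.update(salt)           # only the salt differs between records
        return h.hexdigest()

def matching_salts(algo: str, password: bytes, records) -> list:
    """Indexes of (salt, hex_hash) records that this candidate matches."""
    cand = LiftedCandidate(algo, password)
    return [i for i, (salt, digest) in enumerate(records)
            if cand.with_salt(salt) == digest]

# Constructed sample records: two share one password, the third does not.
SAMPLE = [(s, xenforo("sha256", b"correct horse", s)) for s in (b"a1b2", b"c3d4")]
SAMPLE.append((b"e5f6", xenforo("sha256", b"other", b"e5f6")))

if __name__ == "__main__":
    print(inner_fills_block("sha256"), inner_fills_block("sha1"))
    print(matching_salts("sha256", b"correct horse", SAMPLE))
```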
