Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 Feb 2006 20:11:58 +0300
From: Solar Designer <>
Subject: Re: IPB2, DIGEST-MD5, salted domino

On Thu, Feb 02, 2006 at 12:09:00AM +0100, Michal Luczaj wrote:
> The first one is just a bartavelle's raw-MD5 patch extended with support
> for Invision Power Board password hashes. Those two together make JtR
> The Ultimate Internet Forum Hash Cracker ;) (phpBB and IPB1 use MD5,
> while IPB2 uses it's own simple salted MD5 algorithm).
> And the second one is a tool created because of very specific needs.
> Basically it helps to "restore" password from DIGEST-MD5 authentication
> data (RFC2831).

Thanks.  I've placed these two in contrib/ and linked them from the
website, although I am not sure the DIGEST-MD5 one should be "announced"
like that since it can't be used without the source file being further
modified for the specific sniffed session.  Well, maybe you will provide
a generic implementation later. ;-)

Why did you mention "salted domino" in the Subject, though?

> Also I have a note about dominosec patch: just adding -march=pentium4 to
> Makefile gave me 23% speed-up.

Do you care?  I mean, the algorithms and code used in unofficial patches
for John are not really optimized anyway.  You can likely achieve much
greater speedups by optimizing the source code.

> Maybe it's time to think about some kind of ./configure?

Yes, I might be forced to introduce something like that eventually, but
not for that reason.  "configure" scripts are not expected to guess gcc
optimization options; they accept CFLAGS from the environment.

One reason to not introduce a "configure" script is that I'd like John
to remain portable or easy to port to non-Unix platforms.

> On "single crack"/"incremental" discussion... It's hard for me to
> imagine that "incremental mode" could be renamed. You know, JtR's
> incremental means JtR's incremental, nothing more and nothing less.
> Sentimental issues :)

I understand.  That name has been around for many years.

I'd be interested to hear opinions of native English speakers, though.

> But how about "context cracking" (or anything to do with
> context/environment/realm of password) instead of "single crack"?

That's a good suggestion.

Of the words you've suggested, I think only "context" is appropriate.
But that's OK.


Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.