Date: Fri, 3 Feb 2006 20:11:58 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: IPB2, DIGEST-MD5, salted domino On Thu, Feb 02, 2006 at 12:09:00AM +0100, Michal Luczaj wrote: > The first one is just a bartavelle's raw-MD5 patch extended with support > for Invision Power Board password hashes. Those two together make JtR > The Ultimate Internet Forum Hash Cracker ;) (phpBB and IPB1 use MD5, > while IPB2 uses it's own simple salted MD5 algorithm). > > And the second one is a tool created because of very specific needs. > Basically it helps to "restore" password from DIGEST-MD5 authentication > data (RFC2831). Thanks. I've placed these two in contrib/ and linked them from the website, although I am not sure the DIGEST-MD5 one should be "announced" like that since it can't be used without the source file being further modified for the specific sniffed session. Well, maybe you will provide a generic implementation later. ;-) Why did you mention "salted domino" in the Subject, though? > Also I have a note about dominosec patch: just adding -march=pentium4 to > Makefile gave me 23% speed-up. Do you care? I mean, the algorithms and code used in unofficial patches for John are not really optimized anyway. You can likely achieve much greater speedups by optimizing the source code. > Maybe it's time to think about some kind of ./configure? Yes, I might be forced to introduce something like that eventually, but not for that reason. "configure" scripts are not expected to guess gcc optimization options; they accept CFLAGS from the environment. One reason to not introduce a "configure" script is that I'd like John to remain portable or easy to port to non-Unix platforms. > On "single crack"/"incremental" discussion... It's hard for me to > imagine that "incremental mode" could be renamed. You know, JtR's > incremental means JtR's incremental, nothing more and nothing less. > Sentimental issues :) I understand. That name has been around for many years. I'd be interested to hear opinions of native English speakers, though. > But how about "context cracking" (or anything to do with > context/environment/realm of password) instead of "single crack"? That's a good suggestion. Of the words you've suggested, I think only "context" is appropriate. But that's OK. Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.