Date: Thu, 24 Jun 2010 15:28:37 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Supporting Hashes independent of OS On Wed, Jun 23, 2010 at 06:50:45PM -0400, Robert Harris wrote: > Why are the hashes the JtR supports dependent on OS it is running on? Mostly, they are not. There are a few exceptions to this, of which SHA-crypt is the only notable one. Prior to 1.7.6, there were no such exceptions in the official JtR at all. I am planning to get the crypto code for SHA-crypt into JtR itself, so 1.7.6's reliance on the underlying OS support for SHA-crypt is temporary. It was suggested on this very mailing list that I integrate the generic crypt(3) support into JtR anyway, in case it turns out to be handy on another occasion (for other/custom/future hash types). So I decided to start with this generic solution (even if temporary for SHA-crypt) rather than with specialized code for SHA-crypt specifically (that would not depend on the OS). So far, almost everyone who wanted to crack/audit SHA-crypt hashes wanted to do so directly on one of the systems those hashes came from, so I expected 1.7.6's limited SHA-crypt support to work well enough for most of the users (and I think that it does). > What are your thoughts on turning John the Ripper into a Java program? This is a bad idea currently, but of course someone else may create a "competing" Java program instead. I wish good luck to them. ;-) Maybe you thought that this would somehow make it easier to make JtR independent of the OS support for password hashes? Well, it would not. It is easy enough to integrate existing pieces of C code and/or to use OpenSSL in the current JtR (written in C). Java does not make this any easier. I could have integrated Ulrich Drepper's public domain C code for SHA-crypt into JtR fairly easily. Maybe I should have, although I had some reasons not to (unrelated to programming language choice; in fact, this would be trickier to do in a language other than C/C++). Thank you for your questions/feedback! Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.