Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Feb 2011 00:51:09 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: md5_gen(0) broken for ages?

On 02/26/2011 06:22 PM, jfoug wrote:
> There are several caveats (and I have not yet dug into any unintended
> consequences).
>
> 1. This will ONLY be used, if you fully specify the md5-gen format and a
> subformat.

No problem here

> 2. This will likely only work for non-salted hashes, due to how md5_gen
> requires the salt to be placed.

Well if you know a salt, you would of course prepare the file (but only 
once!) so the salt part is correct for md5-gen:

user:b065775a4631811715c2b83163b921a0$salt:::

So it's "half-prepared" for md5_gen but it doesn't say which subformat 
we want. Then you just try subformats using the command-line option - of 
course picking those with one salt, as well as formats like 
md5($u.md5($p).$s).

Hopefully this will be OK with the implementation you have in mind.

> However, even with the above caveats (and likely more), I do think this is a
> valid change, and I was surprised that it really was not that hard.  Note, I
> do not have it fully working yet, but do have the 'valid' function working.
> I will have to make a few additional changes, but I do believe this is a
> doable function.

I'm glad to hear that!

Thanks,
magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.