Date: Tue, 20 Sep 2011 22:33:41 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512) On Tue, Sep 20, 2011 at 01:19:07PM -0500, jfoug wrote: > I think that is ideal. A standard john tool (lion2john) to double base64 > the input file, I could be wrong, but I think there's no _double_ base64 encoding on actual systems. What we see at: http://www.frameloss.org/2011/09/05/cracking-macos-lion-passwords/ is a side-effect of the tools used. Specifically, I think the "plutil -convert xml1 ShadowHashData" command does base64 _encoding_ of a component of the binary plist, to meet the requested output format. > and then output this type line: > > user:$LION$salt$base16_hash > > is probably the correct output for that tool to generate, and for the format > to validate and use. I think we should omit the dollar sign after the salt, because the salt is binary and fixed-length, and because people seem to be already using 136-hex-character strings. So we'll just prefix those strings with $LION$ when we can, and we'll read them without the prefix as well (even though this might end up being ambiguous at a later time). Sounds fine? Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.