Date: Tue, 20 Sep 2011 14:21:04 -0500
From: "jfoug" <>
To: <>
Subject: RE: Mac OS X 10.7 Lion password hashes (salted SHA-512)

>From: Solar Designer []
>On Tue, Sep 20, 2011 at 01:19:07PM -0500, jfoug wrote:
>> I think that is ideal.  A standard john tool (lion2john) to 
>> double base64 the input file,
>I could be wrong, but I think there's no _double_ base64 encoding on
>actual systems.  What we see at:

I just went off how one of those links 'read'. It sounded like a double
base-64.  The first to decode to the xml file, the second decoded the xml
variable contents.  Now, I do not have a mac, so cannot test at all to know
what is right/wrong in how I interpreted what I read.

>I think we should omit the dollar sign after the salt, because the salt
>is binary and fixed-length, and because people seem to be already using
>136-hex-character strings.  So we'll just prefix those strings with
>$LION$ when we can, and we'll read them without the prefix as well (even
>though this might end up being ambiguous at a later time).
>Sounds fine?

That probably would be better, and would give us an easier to deal with
plain hash, for prepare to make 'right'.
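
Added example, not part of the original message and not John the Ripper's own code: a Python sketch of the format discussed above, which accepts a 136-hex-character string with or without the $LION$ prefix and checks a candidate password against it. The 4-byte salt (136 hex characters = 68 bytes, minus a 64-byte SHA-512 digest), the SHA-512(salt + password) construction, and all function names are assumptions; the sample hash is constructed.

```python
import hashlib
import hmac
import re

PREFIX = "$LION$"
SALT_BYTES = 4  # assumption: 68 bytes total = 4-byte salt + 64-byte SHA-512 digest
_HEX136 = re.compile(r"[0-9a-fA-F]{136}")


def canonicalize(line):
    """Return '$LION$' + 136 lowercase hex chars, or None if the line does not fit.

    A bare 136-hex string is accepted too; as the thread notes, that form may
    become ambiguous later, so callers should store the prefixed form.
    """
    s = line.strip()
    if s.startswith(PREFIX):
        s = s[len(PREFIX):]
    # No '$' separator after the salt: the salt is binary and fixed-length.
    if not _HEX136.fullmatch(s):
        return None
    return PREFIX + s.lower()


def split_hash(canonical):
    """Split a canonical hash into (salt, digest) as raw bytes."""
    raw = bytes.fromhex(canonical[len(PREFIX):])
    return raw[:SALT_BYTES], raw[SALT_BYTES:]


def verify(line, password):
    """Check a candidate password (bytes) against a stored hash line."""
    canonical = canonicalize(line)
    if canonical is None:
        raise ValueError("not a 136-hex-character salted SHA-512 hash")
    salt, digest = split_hash(canonical)
    candidate = hashlib.sha512(salt + password).digest()
    return hmac.compare_digest(candidate, digest)


def make_sample(salt, password):
    """Build a constructed test hash in the bare 136-hex form."""
    return (salt + hashlib.sha512(salt + password).digest()).hex()


if __name__ == "__main__":
    sample = make_sample(b"\x01\x02\x03\x04", b"password")  # constructed value
    print(canonicalize(sample))
    print(verify(sample, b"password"), verify("$LION$" + sample, b"wrong"))
```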

