Date: Wed, 15 Feb 2012 19:53:20 +0400
From: Solar Designer <>
Subject: Re: sha1 + hex salt

On Wed, Feb 15, 2012 at 09:28:34AM -0600, jfoug wrote:
> I really wonder if the description of this crypt is wrong.  I bet this is
> simply a fixed 16 byte null buffer, that has the password overwrite the
> first part of this buffer, and then is crypted with SHA1.  This is similar
> to how cisco pix works (but pix used md5).  I.e., we are seeing a fixed
> sized null padded password buffer.
> Thus, it may be better for this crypt to do this type of pseudo code:
> clean_buffer   (whole buffer is NULL).
> append_key
> set_length_16  (I do not think this function exists in dynamic right now)
> sha1_crypt

Actually, this appears to work:

Expression=sha1($p NUL-padded to length 16)

$ ./john -te=1 -fo=dynamic_1998
Benchmarking: dynamic_1998 sha1($p NUL-padded to length 16) [SSE2i 10x4x3]... DONE
Raw:    5561K c/s real, 5561K c/s virtual

$ ./john --format=dynamic_1998 -i=digits pw
Loaded 1 password hash (dynamic_1998 sha1($p NUL-padded to length 16) [SSE2i 10x4x3])
92086390         (?)
guesses: 1  time: 0:00:00:10 DONE (Wed Feb 15 19:48:39 2012)  c/s: 5136K trying: 92080055 - 92086591

I think 10 seconds is an improvement over 15 minutes. ;-)

I also tested a linux-x86-mmx build on a 1 GHz P3 - works as well (but
slower, indeed - takes a little over 1 minute to crack the same password).
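
The construction named in the message above, sha1($p NUL-padded to length 16), as an added example that is not part of the original post and is not John the Ripper code. It shows that the padding depends only on the password length, so equal passwords produce equal digests. The function names, the sample accounts and the rejection of passwords longer than 16 bytes are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

PAD_LEN = 16  # fixed buffer length named in the thread


def padded_buffer(password: bytes, pad_len: int = PAD_LEN) -> bytes:
    """Return the password right-padded with NUL bytes to pad_len."""
    if len(password) > pad_len:
        # Assumption: the thread does not say how longer passwords are
        # handled (truncated or rejected), so this sketch refuses them.
        raise ValueError("password longer than the fixed buffer")
    return password + b"\x00" * (pad_len - len(password))


def padded_sha1(password: bytes) -> str:
    """sha1($p NUL-padded to length 16), hex encoded."""
    return hashlib.sha1(padded_buffer(password)).hexdigest()


def verify(password: bytes, stored_hex: str) -> bool:
    """Constant-time comparison of a candidate against a stored digest."""
    return hmac.compare_digest(padded_sha1(password), stored_hex.lower())


def shared_digests(records):
    """Group account names by digest. A group larger than one means the
    accounts share a password, which a per-user random salt would hide."""
    groups = defaultdict(list)
    for user, digest in records:
        groups[digest.lower()].append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


# Constructed sample records (hypothetical accounts, not from the thread).
SAMPLE = [
    ("alice", padded_sha1(b"1234")),
    ("bob", padded_sha1(b"correct horse")),
    ("carol", padded_sha1(b"1234")),
]

if __name__ == "__main__":
    # The 8-digit password from the thread occupies half the buffer;
    # the remaining 8 bytes are NULs fixed by the length alone.
    print(padded_buffer(b"92086390").hex())
    print(shared_digests(SAMPLE))
```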

