Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Aug 2012 23:55:43 +0400
From: Solar Designer <>
Subject: Re: Is there any patch to crack MySQL Network auth?

Jim -

On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote:
> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote:
> > Need to brute that:
> > SHA1(salt + SHA1(SHA1($password)))
> I guess you could use dynamic for that (doc/DYNAMIC in jumbo).

I briefly looked into implementing this as a dynamic, however we appear
to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6).
Specifically, I couldn't find a way to reuse raw (as opposed to
hex-encoded) output of SHA-1 for another SHA-1 computation.

Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that
this is not currently possible (and make it possible in a later version).



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.