Date: Thu, 23 Aug 2012 10:04:24 -0500 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: Is there any patch to crack MySQL Network auth? This is not a simple fix. I am not sure I would be able to get this out for the current jumbo, but can get changes in to a future version. Yes, the only 'raw' methods work with fixed md5 (md4) sized crypt buffers. >From: Solar Designer [mailto:solar@...nwall.com] > >Jim - > >On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote: >> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote: >> > Need to brute that: >> > SHA1(salt + SHA1(SHA1($password))) >> >> I guess you could use dynamic for that (doc/DYNAMIC in jumbo). > >I briefly looked into implementing this as a dynamic, however we appear >to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6). >Specifically, I couldn't find a way to reuse raw (as opposed to >hex-encoded) output of SHA-1 for another SHA-1 computation. > >Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that >this is not currently possible (and make it possible in a later >version).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.