Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Aug 2012 23:50:44 -0500
From: Richard Miles <richard.k.miles@...glemail.com>
To: john-users@...ts.openwall.com
Subject: Re: Is there any patch to crack MySQL Network auth?

Hi Aleksey,

I guess you are right, but neither your dynamic example worked in my test
case and it works in Cain&Abel.

Thanks.

On Wed, Aug 22, 2012 at 1:20 PM, Aleksey Cherepanov <
aleksey.4erepanov@...il.com> wrote:

> On Wed, Aug 22, 2012 at 01:11:14PM -0500, Richard Miles wrote:
> > Humm... anyone was able to crack a simple Mysql network authentication
> with
> > this Dynamic feature? I tested with sha1($s.(sha1($p))) and no luck.
>
> I guess you mean sha1($s.sha1(sha1($p))), i.e. double sha1 from
> password, don't you?
>
> > On Wed, Aug 22, 2012 at 12:06 PM, Aleksey Cherepanov <
> > aleksey.4erepanov@...il.com> wrote:
> >
> > > On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote:
> > > > Need to brute that:
> > > > SHA1(salt + SHA1(SHA1($password)))
> > >
> > > I guess you could use dynamic for that (doc/DYNAMIC in jumbo).
>
> --
> Regards,
> Aleksey Cherepanov
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.