Date: Sat, 25 Aug 2012 23:31:38 -0500 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: Is there any patch to crack MySQL Network auth? This code is now in magnum-jumbo (jumbo-unstable tree), and needs to be pushed into magnum-bleeding. This was a rather large amount of code change. It was my belief that we were locking down j6-fixes tree (jumbo-7) to fixes, so the code has not been targeted to that build. But the ability to do things like 'raw' multiple crypts on the larger hashes within dynamic is now possible. Jim. >Sent: Wednesday, August 22, 2012 2:56 PM > >Jim - > >On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote: >> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote: >> > Need to brute that: >> > SHA1(salt + SHA1(SHA1($password))) >> >> I guess you could use dynamic for that (doc/DYNAMIC in jumbo). > >I briefly looked into implementing this as a dynamic, however we appear >to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6). >Specifically, I couldn't find a way to reuse raw (as opposed to >hex-encoded) output of SHA-1 for another SHA-1 computation. > >Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that >this is not currently possible (and make it possible in a later >version).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.