Date: Fri, 8 Feb 2013 17:25:02 -0700
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA-512 supported?

On 8 February 2013 17:05, Stephen John Smoogen <smooge@...il.com> wrote:
> On 8 February 2013 17:01, Solar Designer <solar@...nwall.com> wrote:
>> On Sat, Feb 09, 2013 at 12:47:19AM +0100, Frank Dittrich wrote:
>>> I tried to google for more information, but got
>>>
>>> | Our apologies
>>> |
>>> | The IBM developerWorks Web site is currently under maintenance.
>>> |
>>> | Please try again later. Thank you.
>>
>> There's a copy in Google's cache, which gives this sample:
>>
>> | Change the user's password:
>> | # passwd mehdi   <-- I set this password: "Thisisanewlongpassword:)"
>> |
>> | If you are curious, have a look at /etc/security/passwd:
>> | # grep -p mehdi /etc/security/passwd
>> | mehdi:
>> |         password = {ssha512}06$Zq5raZlRV3yGMiqT$07e5A.zEP/XnDWto5B4.JMszwgWEIH68mMcrzHCC9h5OmKEQ.SsBKw3hexid3hT9X0al.39iSV/Xi1txzU5C..
>>
>> This page gives another:
>>
>> http://www.ibmsystemsmag.com/aix/administrator/security/password_hash/?page=2
>>
>> | If I change the password for the user brian to "colorado" again the /etc/security/passwd file will now show:
>> |
>> | brian:
>> |       password =
>> | {ssha512}06$otYx2eSXx.OkEY4F$No5ZvSfhYuB1MSkBhhcKJIjS0.q// wdkcZwF9/TXi3EnL6Qero
>> | nmS0jCc3P2aEV9WLi5arzN1YjVwkx8bng..
>>
>> Neither matches standard sha512crypt.  I also tried other likely default
>> iteration counts (like 1000 and 10000) - no luck.
>
> I am thinking that their base64 transformation is not the same as that
> used by the other OS crypts but is using the old crypt style base64
> with different letters and a slightly different order of
> transformation.

So from another set.. the number of rounds are powers of 2. So instead
of 1000 they will be 1024
http://www.pcclm.com/2013/02/increase-password-security-on-linux.html

And I am smokin crack on crypt styles.. I saw the space in the version
listed and was thinking it was different from standard characters. I
then went and looked at the SSHA format that LDAP uses and got the
following

$ pwdhash -s SSHA512 'colorado'
{SSHA512}rgnHDUg4S7+WU6nu2PrEY9BRMsjw99QKudEPpUYblJtPk/laB1lz/mt5PXL12lXOGgTCW6MAWGmGlMHi07QIc9fZjndFHSUn

and then I guess I lit up and took a deep toke when I saw the +


-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd
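
Added example, not part of the original message or of John the Ripper: a small Python classifier that separates the two {ssha512} layouts quoted in this thread by structure and alphabet. It assumes the two-digit field in the AIX value is log2 of the round count (following the powers-of-2 remark above) and that the LDAP value is base64 of a SHA-512(password || salt) digest followed by the salt; `classify` and `ldap_verify` are hypothetical names.

```python
import base64
import hashlib
import hmac
import re

# crypt(3)-style alphabet: it has '.' but no '+', unlike standard base64.
CRYPT64 = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
AIX_RE = re.compile(r"^\{ssha512\}(\d{2})\$([^$\s]+)\$(\S+)$", re.I)
LDAP_RE = re.compile(r"^\{ssha512\}([A-Za-z0-9+/]+={0,2})$", re.I)
# The two hash strings quoted in the thread.
AIX_SAMPLE = ("{ssha512}06$Zq5raZlRV3yGMiqT$07e5A.zEP/XnDWto5B4.JMszwgWEIH68"
              "mMcrzHCC9h5OmKEQ.SsBKw3hexid3hT9X0al.39iSV/Xi1txzU5C..")
LDAP_SAMPLE = ("{SSHA512}rgnHDUg4S7+WU6nu2PrEY9BRMsjw99QKudEPpUYblJtPk/laB1lz/"
               "mt5PXL12lXOGgTCW6MAWGmGlMHi07QIc9fZjndFHSUn")


def classify(line):
    """Tell the AIX and LDAP values apart by structure, not by prefix case."""
    m = AIX_RE.match(line.strip())
    if m:
        cost, salt, digest = m.groups()
        return {
            "kind": "aix-ssha512",
            # Assumption (from the powers-of-2 remark): field is log2(rounds).
            "rounds": 1 << int(cost),
            "salt": salt,
            "crypt64_only": set(salt + digest) <= CRYPT64,
        }
    m = LDAP_RE.match(line.strip())
    if m:
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:
            return {"kind": "unknown"}
        if len(raw) > 64:  # 64-byte SHA-512 digest followed by the salt
            return {"kind": "ldap-ssha512", "digest": raw[:64], "salt": raw[64:]}
    return {"kind": "unknown"}


def ldap_verify(line, password):
    """Recompute SHA-512(password || salt) for an LDAP {SSHA512} value."""
    info = classify(line)
    if info["kind"] != "ldap-ssha512":
        return False
    digest = hashlib.sha512(password.encode() + info["salt"]).digest()
    return hmac.compare_digest(digest, info["digest"])
```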
