Date: Fri, 8 Feb 2013 19:35:22 -0500
From: Jon Schipp <jonschipp@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA-512 supported?

In case this helps, from pwdalg.cfg

"cost_num=cost
*
*       The default hashing iterations is 2^cost. The valid value of cost is
*       an integer between 4 and 31, inclusive. The default cost value is 6."

On Fri, Feb 8, 2013 at 7:25 PM, Stephen John Smoogen <smooge@...il.com> wrote:
> On 8 February 2013 17:05, Stephen John Smoogen <smooge@...il.com> wrote:
>> On 8 February 2013 17:01, Solar Designer <solar@...nwall.com> wrote:
>>> On Sat, Feb 09, 2013 at 12:47:19AM +0100, Frank Dittrich wrote:
>>>> I tried to google for more information, but got
>>>>
>>>> | Our apologies
>>>> |
>>>> | The IBM developerWorks Web site is currently under maintenance.
>>>> |
>>>> | Please try again later. Thank you.
>>>
>>> There's a copy in Google's cache, which gives this sample:
>>>
>>> | Change the user's password:
>>> | # passwd mehdi   <-- I set this password: "Thisisanewlongpassword:)"
>>> |
>>> | If you are curious, have a look at /etc/security/passwd:
>>> | # grep -p mehdi /etc/security/passwd
>>> | mehdi:
>>> |         password = {ssha512}06$Zq5raZlRV3yGMiqT$07e5A.zEP/XnDWto5B4.JMszwgWEIH68mMcrzHCC9h5OmKEQ.SsBKw3hexid3hT9X0al.39iSV/Xi1txzU5C..
>>>
>>> This page gives another:
>>>
>>> http://www.ibmsystemsmag.com/aix/administrator/security/password_hash/?page=2
>>>
>>> | If I change the password for the user brian to "colorado" again the /etc/security/passwd file will now show:
>>> |
>>> | brian:
>>> |       password =
>>> | {ssha512}06$otYx2eSXx.OkEY4F$No5ZvSfhYuB1MSkBhhcKJIjS0.q// wdkcZwF9/TXi3EnL6Qero
>>> | nmS0jCc3P2aEV9WLi5arzN1YjVwkx8bng..
>>>
>>> Neither matches standard sha512crypt.  I also tried other likely default
>>> iteration counts (like 1000 and 10000) - no luck.
>>
>> I am thinking that their base64 transformation is not the same as that
>> used by the other OS crypts but is using the old crypt style base64
>> with different letters and a slightly different order of
>> transformation.
>
> So from another set.. the number of rounds are powers of 2. So instead
> of 1000 they will be 1024
> http://www.pcclm.com/2013/02/increase-password-security-on-linux.html
>
> And I am smokin crack on crypt styles.. I saw the space in the version
> listed and was thinking it was different from standard characters. I
> then went and looked at the SSHA format that LDAP uses and got the
> following
>
> $ pwdhash -s SSHA512 'colorado'
> {SSHA512}rgnHDUg4S7+WU6nu2PrEY9BRMsjw99QKudEPpUYblJtPk/laB1lz/mt5PXL12lXOGgTCW6MAWGmGlMHi07QIc9fZjndFHSUn
>
> and then I guess I lit up and took a deep toke when I saw the +
>
>
> --
> Stephen J Smoogen.
> "Don't derail a useful feature for the 99% because you're not in it."
> Linus Torvalds
> "Years ago my mother used to say to me,... Elwood, you must be oh
> so smart or oh so pleasant. Well, for years I was smart. I
> recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd
