Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Feb 2013 17:47:37 -0700
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA-512 supported?

On 8 February 2013 17:39, Solar Designer <solar@...nwall.com> wrote:
> On Fri, Feb 08, 2013 at 07:35:22PM -0500, Jon Schipp wrote:
>> In case this helps, from pwdalg.cfg
>>
>>
>> "cost_num=cost
>> *
>> *       The default hashing iterations is 2^cost. The valid value of cost is
>> *       an integer between 4 and 31, inclusive. The default cost value is 6."
>
> Isn't this written in context of bcrypt hashes (which they call sblowfish)?
> If so, we knew that, but it's irrelevant.
>
> Do you suspect they were dumb enough to apply the same low iteration
> counts for sha512crypt, where each iteration is a lot cheaper?  Well,
> maybe.  Got to test the 1 to 999 range.

Why yes... yes they would:

http://maben.homeip.net/static/computers/aix/aix61/AIX61%20Differences%20Guide.pdf


Algorithm  Maximum    Length of    Iterations  Length of  Maximum
           Password   Salt, base64             Hashed     Length
           Length                              String,    of Hashed
                                               base64     Password, base64
SHA512     255        8 to 24-char 2^4->2^31   86-char    123-char
                                            ({ssha512}nn$salt$hashed_str)


The 6 says 6 rounds and not format 06 as we thought.

> Alexander



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.