Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Feb 2013 19:26:12 -0700
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA-512 supported?

On 13 February 2013 15:06, magnum <john.magnum@...hmail.com> wrote:
> On 11 Feb, 2013, at 16:56 , Solar Designer <solar@...nwall.com> wrote:
>> On Mon, Feb 11, 2013 at 10:26:01AM -0500, Jon Schipp wrote:
>>> $ time perl -e '$p = "{ssha512}04\$................\$"; print
>>> crypt("", $p), "\n"; for ($n = 0; $n < 100000; $n++) { $c = crypt($n,
>>> $p); print "$n $c\n" if ($c =~ /\.\.\.[^\$]*$/); }'
>>> 6TE2Fa9WkC.UM
>> [...]
>>
>> OK, we're totally out of luck with this approach.  Thanks anyway!
>
> This seems to be a limitation of [that] perl and not of crypt(3):
> http://pic.dhe.ibm.com/infocenter/aix/v7r1/topic/com.ibm.aix.basetechref/doc/basetrf1/crypt.htm
>
> Excerpt:
>> If the left brace ( { ) is the first character of the value that the Salt parameter specifies, then the Loadable Password Algorithm (LPA) uses the name that is specified within the braces ( {} ). A set of salt characters follows the LPA name and ends with a dollar sign ($). The length of the salt character depends on the specified LPA. The following example shows a possible value for the SMD5 LPA that the Salt parameter specifies:
>> {SMD5}JVDbGx8K$
>
>
> So the same tests written in C should work. Jon, can you compile a trivial C program on that box? I mean, is there a compiler available?
>
> magnum


* To generate smd5 password hash compatible to standard salted MD5,
* add the following option line for smd5 stanza.
*       lpa_options = std_hash=true
*
* Note : password hash generated with this option won't be compatible with
* hash generated without this option.
*

It would be interesting to see what format the strings take when this
option is set also. That might give a better version to look for.
-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.