Date: Thu, 23 Oct 2014 21:10:08 -0400 From: David <john-users@....eml.cc> To: john-users@...ts.openwall.com Subject: Crashplan Hello All, I’ve been using CrashPlan for a while now, and finally decided it was time to do a little research into their handling of passwords. They say the backups themselves are encrypted with a Blowfish key (128 or 448 bit depending on whether you’re a free or paid customer) which they keep a copy of and “lock” with a salted and hashed version of either your account password or archive key password, unless you provide your own blowfish key. I also just did a tech support chat with CrashPlan and asked for more details and they pointed me at this pdf: http://essentials.code42.com/rs/code42software/images/TS011302_CrashPlanPROe_TechSpecs_Security.pdf. This says that “on the client, the account password is salted with a 64-bit random number and hashed multiple times using SHA-1." Anyway, if you back up to your own storage (or to a friend’s storage), they say they store the “secured key” with your backup files for the “guest restore” feature. It appears that the password hash is stored in a file called cp.properties inside your backup directory, but john doesn’t recognize the format by default. I have access to several different accounts’ cp.properties files since several family members use me as a backup destination, and they all follow the format: xxxxxxxxxxxxxxxxxxxxxxxxxxx\=\:xxxxxxxxxxx\= where the x’es are different per account, but all of them have the \=\: in the middle and \= at the end. How do we get John to process these hashes? Thanks, David
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.