Date: Wed, 21 Jan 2015 17:10:37 +0300
From: Ivan Novikov <in@...larm.com>
To: john-users@...ts.openwall.com
Subject: dynamic.cnf: SHA1 40 bytes, not first 32

Hi all!

I just want to brute-force a hash for the following Ruby code (Graylog):

    def password_digest(password, salt)
      digest = REST_AUTH_SITE_KEY
      REST_AUTH_DIGEST_STRETCHES.times do
        digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
    ...
    def secure_digest(*args)
      Digest::SHA1.hexdigest(args.flatten.join('--'))
    end
    ...
    REST_AUTH_DIGEST_STRETCHES = 10
    ...
    REST_AUTH_SITE_KEY         = 'e394874f149f5867149f026af47b2f9506b76e63'

10 rounds of SHA1 with two different salts (static and user).
Samples:
Test=$dynamic_1504$c7c8c668720a795975baf07ce6eda2aac52b84cc$salt:password
Test=$dynamic_1504$15befede59f9d685170e78495f6a02849e6b7f28$uyagsf78s6ga8cfvgbhnjkefhagsid78f:password

But I can't understand why DynamicFunc__SHA1 is a 32-byte function
instead of 40 bytes...
As a first step I want to produce 10xSHA1 rounds, but the following code
doesn't work:

[List.Generic:dynamic_1504]
Expression=sha1 x10($pass)
Flag=MGF_FLAT_BUFFERS
Flag=MGF_KEYS_INPUT
MaxInputLen=110
MaxInputLenX86=110
Func=DynamicFunc__clean_input2_kwik
Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2_base16
Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL

Can you please give me some advice?
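
An added example (not part of the original message, and not Graylog or John the Ripper code): a Ruby reference for the stretching chain quoted above that returns every round's digest, so a dynamic format definition can be checked round by round. It assumes the elided loop simply ends and returns `digest`; `stretch`, `first_divergence` and `keep_hex` are hypothetical names, and `keep_hex: 32` models carrying only the first 32 hex characters of each round into the next.

```ruby
require 'digest/sha1'

# Constants as quoted in the message above.
REST_AUTH_SITE_KEY         = 'e394874f149f5867149f026af47b2f9506b76e63'
REST_AUTH_DIGEST_STRETCHES = 10

# One round: SHA-1 hex digest of all arguments joined with '--'.
def secure_digest(*args)
  Digest::SHA1.hexdigest(args.flatten.join('--'))
end

# Returns the full 40-character digest of every round, in order.
# keep_hex (hypothetical parameter) is how many hex characters of a round's
# output are carried into the next round; 40 is the complete SHA-1 digest.
# Assumption: the loop elided in the message ends and returns digest.
def stretch(password, salt, keep_hex: 40, rounds: REST_AUTH_DIGEST_STRETCHES)
  carry = REST_AUTH_SITE_KEY # round 1 always starts from the full site key
  Array.new(rounds) do
    digest = secure_digest(carry, salt, password, REST_AUTH_SITE_KEY)
    carry = digest[0, keep_hex]
    digest
  end
end

# Zero-based index of the first round where two traces differ, or nil.
def first_divergence(a, b)
  a.each_index.find { |i| a[i] != b[i] }
end

if __FILE__ == $PROGRAM_NAME
  # Salt and password taken from the first sample line in the message.
  full = stretch('password', 'salt')
  cut  = stretch('password', 'salt', keep_hex: 32)
  full.each_with_index { |d, i| puts format('round %2d  %s', i + 1, d) }
  idx = first_divergence(full, cut)
  puts "32-hex carry first differs in round #{idx + 1}" if idx
end
```

Comparing a candidate format's intermediate values against this trace shows the first round at which it departs from the reference.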

