Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Apr 2016 16:24:27 +0000
From: Francois Gaudreault <fgaudreault@...ecure.ca>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Dynamic and Very long Salt

Hi,

On 2016-04-11, 10:58 AM, "jfoug" <jfoug@...nwall.net> wrote:


>On 4/11/2016 8:52 AM, Francois Gaudreault wrote:
>> I am having an issue adding a dynamic format for a very long salt. It’s the first time I attempt to do such action, so please be gentle. ;)
>> Here is the definition I tried :
>>
>> [List.Generic:dynamic_1600]
>> Expression=sha1($s.utf16le($p))
>> Flag=MGF_INPUT_20_BYTE
>> Flag=MGF_FLAT_BUFFERS
>> Flag=MGF_SALTED
>> SaltLen=113
>> Func=DynamicFunc__clean_input
>> Func=DynamicFunc__append_salt
>> Func=DynamicFunc__setmode_unicode
>> Func=DynamicFunc__append_keys
>> Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
>> Test=$dynamic_1600$e6155f87b073451076d81e3505f8b9fcd3f53b5a$HEX$710000000403020101000000bc0200000000000010500050005700450042004500580054000645004e0047000e50005300460054005f00480052003432003000310036002d00300034002d00300038002d00310039002e00320037002e00300035002e0030003000300030003000320000:password
>
>Are all salts 113 bytes long?  If not (but 113 bytes is the max), then 
>you would want use SaltLen=-113
The salt length is variable depending on some environmental variables (e.g. Username), but I believe we can set a higher maximum number, and adjust ad-hoc based on what the systems will use.

>
>The problem here, is that there are embedded nulls in the salt. Within 
>the valid() function dynamic, it first sees the $HEX$ and tries to 
>remove it but keep it in 'C' null terminated string format.  However, 
>that can not be done with the nulls.  So what happens, is the salt 
>length is not 113 bytes, but 113*2+5 bytes long, and the valid is failing.
I see. This salt format is very ugly, and unfortunately, keeping the integrity is important otherwise the SHA1 hash will not be right. By the way, I did the test by setting the SaltLen to -232 direct in the dynamic.conf and it appeared to work! :)

Thanks for the help.

FG

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.