Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 May 2020 14:51:21 +0200
From: Solar Designer <>
Cc: gyula <>
Subject: Re: Is the example of HMAC-SHA512 right?

It turns out gyula posted the message without having joined the list, so
followed-up on my response off-list.  I'll summarize for the subscribers:

On Mon, May 04, 2020 at 11:24:37PM +0200, Solar Designer wrote:
> HMAC is defined as operating on key and data, not on password and salt,
> and its direct uses for password hashing are actually misuses.  The way
> we support cracking of HMAC-* in JtR is treating password as key and
> salt as data.  This appears to match the demand so far, although it's
> conceivable that the other order of these parameters would be used
> somewhere and would need to be supported in JtR, which it unfortunately
> is not.

gyula wrote to me off-list:

"In the hash I want to crack, the salt is key. However, the password is
key in JTR. So, I can't use it.

When many website auth the password, the password is added as data and
the salt is added as key. I think it makes sense if JTR support the
order of password and salt."

So we have a feature request here.  We don't seem to have a directly
corresponding GitHub issue yet (I'll create one shortly), although
addition of HMAC support to the dynamic format compiler would happen to
support both orderings of key and data:

"HMAC support in the dynamic format / compiler"


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.