Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Oct 2022 14:31:41 +0200
From: Matthias Apitz <>
Cc: Solar Designer <>
Subject: Re: using john to decrypt DES hashes

El día jueves, octubre 13, 2022 a las 10:30:06p. m. +0200, Solar Designer escribió:

> On Thu, Oct 13, 2022 at 08:02:17PM +0200, Matthias Apitz wrote:
> > El d??a jueves, octubre 13, 2022 a las 06:07:02p. m. +0200, Solar Designer escribi??:
> > 
> > > On Thu, Oct 13, 2022 at 03:55:32PM +0200, Matthias Apitz wrote:
> > > > Do I understand you correct: I yescrypt all DES strings in the database
> > > > and when the user presents the PIN 4711 I first crypt the with DES and
> > > > the old salt 'xX' and the result with yescrypt and the stored "$y$...."  
> > > > salt and when this match the user is authenticated, correct?
> > > 
> > > That's correct.
> > > 
> > > In your example, though, a 4-digit PIN is too weak even when you use
> > > yescrypt.  You'll probably want to also introduce a password policy,
> > > such as by using our passwdqc.
> > 
> > Thanks. I didn't wanted to stress with all details. The PIN can be upto
> > 40 bytes long (minimum is 11), is broken into pieces of 8 and DES encrypted
> > each part, resulting hashes are then concatenated with the salt only once
> > in front of the concatenation. This is some kind of standard procedure, I don't
> > remember it's name now.
> Oh, this sounds similar to (but not exactly is) bigcrypt (where the
> salts would be different).
> Anyway, you can compute yescrypt from the concatenated descrypt hashes.
> ...

I have implemented this now in all our C-written application
servers. The clear PIN is hashed by:

   hash = MakeCryptYescrypt(MakeCryptDes(PIN), NULL);
   and the hash is stored in the database row for the user

The check if the PIN is correct entered is made by

   if (strcmp(hash, MakeCryptYescrypt(MakeCryptMakeCryptDes(PIN), hash)) == 0) {
      /* PIN is good */

This is all fine now.

The last problem to solve is, that also some Java-written application is
doing the same encryption and checks and I can find any Java
implementation of yescrypt. Before writing a NIF to a C-function, I
wanted to ask the experts. If there is a better mailing list in, please point me to this as well.

Thanks in advance


Matthias Apitz, ✉, +49-176-38902045
Public GnuPG key:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.