Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 09 Jul 2008 12:29:27 +0200
From: Simon Marechal <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Re: Problems with Netscape LDAP SSHA [salted SHA1]

Erik Winkler a écrit :
>> the commandline shows:
>>
>> me@...orithmix:~/john/run$ ./john --session=ldap ldap
>> Loaded 2 password hashes with 2 different salts (Netscape LDAP SSHA 
>> [salted SHA1])
>> me@...orithmix:~/john/run$
> 
> I used john-1.7.2 with the the jumbo patch 
> (http://www.openwall.com/john/contrib/john-1.7.2-all-12.diff.gz) applied 
> and it worked just fine.  I used a dictionary for speed.
> 
> ./john netscapetest.txt -w:/dic/mydictionary.lst
> Loaded 2 password hashes with 2 different salts (Netscape LDAP SSHA 
> [salted SHA1])
> XXXXXX           (datkommadr)
> XXXXXX           (dabob)
> guesses: 2  time: 0:00:00:05 100%  c/s: 576263  trying:

There were two problems:
* the set_key function assumed that you couldn't have two crypt_all 
calls without a set_key(key,0) between them. This assumption is all over 
the MMX stuff i wrote, so this kinda sucks, and might prove troublesome.
* the salt_hash function did that:

return *((int *)salt) % SALT_HASH_SIZE;

Of course, you could get negative values that way. I'm not sure why the 
latter problem seems to be of no consequence.

I updated myjohn.tgz, but I have no time for a standalone patch right 
now ...

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.