Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <9f84fa0a9eabc63e1b7e7be94450abae@smtp.hushmail.com>
Date: Fri, 08 Jun 2012 09:11:15 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: rawSHA1_LI internals (was: JtR to process the LinkedIn hash dump)

On 06/08/2012 07:22 AM, Frank Dittrich wrote:
> The other solution is similar, but involves you new get_source.
> It should be trivial to restore the correct sha1 hex string, even if you
> loaded the one with '00000'.
> This could make the cracked LinkedIn hashes stored in john.pot valid for
> the normal raw-sha1 format.
> (Assuming that the '00000' don't cause false positives, but that should
> be a valid assumption.)

I had a similar thought. I think this is a cool idea. Could we do it 
without hacking core? We need to do this:

1. Always load hashes (binaries) with first 20 bits cleared.
2. Always store complete hashes.
3. Always compare hashes without regarding first 20 bits.

#3 is easy when cracking (already done in cmp_*) but how about when 
loading and comparing to john.pot entries? Could prepare() be used?

BTW Jim, I'm just now comparing rawSHA1_fmt_plug.c and 
rawSHA1_LinkedIn_fmt_plug.c using meld. I notice cmp_all() is unchanged. 
I must be missing something, how can this work? We should only look at 
binary[1] but as far as I can see this is not the case. I know the code 
works, but how!?

Also, I really think half of the self-tests should have the zeroed bits.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.