|
Message-ID: <034b01cd5e01$dcc48fa0$964daee0$@net>
Date: Mon, 9 Jul 2012 13:37:14 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: request for new dynamic subformats
This patch should get the first 2 formats in. I have not done the new files
for the TS yet. This patch should probably put in all branches.
Here are pass_gen.pl lines I am using, to build test strings, for anyone
wanting to learn more about that tool.
./pass_gen.pl 'dynamic=num=35,format=sha1($u.$c1.$p),usrname=uc,const1=:'
and
./pass_gen.pl 'dynamic=num=36,format=sha1($u.$c1.$p),usrname=true,const1=:'
ManGOS will be dynamic_35 and ManGOS2 will be dynamic_36. The only
questions I have are the 'strtoupper' in dyna_35. Are we going to have
encoding issues here? I am hopeful that dynamic has taken this into
account, but I will have to audit it, to make 'sure' (the same will be for
the strlower in the 3rd type).
Now, I have questions for type #3 and #4. In these, they are a full SHA,
but only a truncation gets stored to the file? Is that truncation the first
part of the SHA string, or the last?
Jim.
>From: Dhiru Kholia
>1. SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)
>Works for all private server projects that use the same hashing
>method: trinity, ascent and others.
>
>2. SHA-1(ManGOS2) = sha1($username.':'.$pass) # already supported?
>
>3. sha1(strtolower($username).$pass)
>Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
>Used in SMF.
>Length: 20 bytes.
>
>4. sha1($salt.sha1($salt.sha1($pass))) # thick format already exits
>Used in Woltlab BB.
>Length: 20 bytes.
Download attachment "JtR-New-Dynamic-35-36-SHA-types.diff" of type "application/octet-stream" (3992 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.