Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130818200146.GA31242@openwall.com>
Date: Mon, 19 Aug 2013 00:01:46 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Parallella: bcrypt

On Sun, Aug 18, 2013 at 11:51:07PM +0400, Solar Designer wrote:
> Triggered it again, saving pot files this time.  The missing
> hash:password is:
> 
> $2a$04$112345678911234567891ut.qFr6.NeNDdZuUfBk5WAqRX93tRWSS:38954
> 
> (this time).  In case this is relevant:
> 
> $ echo $[38954%32]
> 10
> 
> ... now to trigger this a few times more.

Two more:

$2a$04$112345678911234567891ur.oaCV2tDJHauGmoz3XARSRocAbQ0Ci:21542
$2a$04$112345678911234567891uVnXpBKo1PxsBoYbrgOLkoMFF1zhBEeG:39883

These are 6 and 11 (mod 32).

So far all three have this in common: the second one of two salts, and
the (mod 32) password numbers are all within the first half of a
32-password range.  (When generating these hashes, one of the two salts
was chosen at random, without obvious correlation to hash number.  So
these are two separate observations.)

Of course, 3 is not enough for statistics.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.