Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150719101802.G0NT2.144021.imail@eastrmwml214>
Date: Sun, 19 Jul 2015 10:18:02 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: nsldap can be cracked together with raw-sha1


---- Aleksey Cherepanov <lyosha@...nwall.com> wrote: 
> I looked into the src/nsldap_fmt_plug.c and I think that nsldap format
> can be cracked together with raw-sha1. The only difference is
> cyphertext encoding: raw-sha1 uses hex while nsldap uses base64 (and
> other tag, obviously).
> 
> #define FORMAT_LABEL			"nsldap"
> #define FORMAT_NAME			"Netscape LDAP {SHA}"
> 
> Don't I miss something? Should not these formats be merged?

No, you did not miss anything. They should be merged. And for good reasons.  raw-sha1 is faster than nsldap.  The key setup is a little different (not sure if better or not).  raw-sha1 uses openmp, but the biggest gain is raw-sha1 uses SSEi_REVERSE_STEPS which also gains speed by skipping some work at the end of the hashing step.   I see about 10% faster on my wimpy laptop for raw-sha1.

Should not be too hard to do.  A change to prepare (possibly split), and it is done.   The nsldap format label/name would simply go away however.  The nsldap stuff would simply be 'part' of what is handled by raw-sha1.

Proper merging of functions like this would be a pretty good GSoC task, I think, along with identifying possible candidates (there probably are more of them).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.