john-dev - Re: FormSpring valid()

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CABtNtWEXk7-foDjJ6wxdePQdmQHjy1vEMqZQXoGdeakFCQXTkA@mail.gmail.com>
Date: Mon, 7 Sep 2015 21:27:55 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: FormSpring valid()

Hi Alexander,

On Mon, Sep 7, 2015 at 1:28 AM, Solar Designer <solar@...nwall.com> wrote:
>
> Kai - how did you obtain the test vectors that you added to
> formspring_fmt_plug.c in 101bed96efba9509f5f60447a342a00024bba17e?
> Specifically, where did their salts come from?  Why are they of 8 hex
> digits whereas the existing test vectors used two-char salts?

In dynamic_preloads.c::121

//dynamic_60 -->sha256($p)

So I can generate test vectors by:

$ ./john --test=0 --format='dynamic=sha256($s.$p),debug'

push
app_sh
.
app_p
f256h

crc32 = FA32CD48
pExpr=sha256($s.$p)
extraParams=,debug
signature=@...amic=sha256($s.$p),debug@
line1=@...amic=sha256($s.$p)@a987090ac31f466c4637e22858aa3db0001e7c0ad8e6724e26e76b8e531df46c$76931fac
line2=@...amic=sha256($s.$p)@bb18710c098cc97a204d9a17bdd701d323a48ccaf67adcf67186a91da3619ac9$9dab2b36
line3=@...amic=sha256($s.$p)@eecc9358bf47c8739dd988c1926a5346721557ed50665c4ef41224fceb009ad5$c248b87d

##############################################################
#  Dynamic script for expression sha256($s.$p),debug
##############################################################
Expression=dynamic=sha256($s.$p)
#  Flags for this format
Flag=MGF_FLAT_BUFFERS
Flag=MGF_SALTED
Flag=MGF_INPUT_32_BYTE
#  Lengths used in this format
SaltLen=-32
MaxInputLenX86=110
MaxInputLen=110
#  The functions in the script
Func=DynamicFunc__clean_input_kwik
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
#  The test hashes that validate this script
Test=@...amic=sha256($s.$p)@a987090ac31f466c4637e22858aa3db0001e7c0ad8e6724e26e76b8e531df46c$76931fac:abc
Test=@...amic=sha256($s.$p)@bb18710c098cc97a204d9a17bdd701d323a48ccaf67adcf67186a91da3619ac9$9dab2b36:john
Test=@...amic=sha256($s.$p)@eecc9358bf47c8739dd988c1926a5346721557ed50665c4ef41224fceb009ad5$c248b87d:passweird


Thanks,

Kai

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.