Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Sep 2015 10:08:44 -0500
From: JimF <>
Subject: Re: FormSpring valid()

On 9/7/2015 8:27 AM, Kai Zhao wrote:
> Hi Alexander,
> On Mon, Sep 7, 2015 at 1:28 AM, Solar Designer <> wrote:
>> Kai - how did you obtain the test vectors that you added to
>> formspring_fmt_plug.c in 101bed96efba9509f5f60447a342a00024bba17e?
>> Specifically, where did their salts come from?  Why are they of 8 hex
>> digits whereas the existing test vectors used two-char salts?
> In dynamic_preloads.c::121
> //dynamic_60 -->sha256($p)
> So I can generate test vectors by:
> $ ./john --test=0 --format='dynamic=sha256($s.$p),debug'
If you change your command to this:

$ ./john --test=0 --format='dynamic=sha256($s.$p),saltlen=2,debug'

It would give proper 2 byte salts for you.


$ echo -n test | run/ formspring
#!comment: Built with using RAW mode, 0 to 128 characters dict file=stdin

   ** Here are the hashes for format formspring **

Also works. was built to provide workable hashes for most of johns format. It does a pretty decent job. It even contains a dynamic 'expression building'  (the logic from it actually was used to make the @dynamic=@ format in john).  It really should be looked at as a first source of obtaining new hashes.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.