Message-ID: <043601cc77c1$c9542470$5bfc6d50$@net>
Date: Tue, 20 Sep 2011 13:19:07 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: Mac OS X 10.7 Lion password hashes (salted SHA-512)

>From: Solar Designer [mailto:solar@...nwall.com]
>
>There's a lot of talk regarding these lately:
>
>http://davegrohl.org
>http://www.frameloss.org/2011/09/05/cracking-macos-lion-passwords/
>http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html
>http://www.reddit.com/r/netsec/comments/kjrut/cracking_os_x_lion_passwords/
>
>Clearly, John the Ripper will support them very soon.  The reason I am
>posting in here is to ask for opinions on what we should use as the
>canonical representation for these hashes and what other representations
>(if any) we should support in input files.  Any suggestions?
>
>Perhaps just 136 hex digits, leaving the decoding of base64 and binary
>plist files for external tools?  And add, say, the $LION$ prefix to
>store them non-ambiguously?

I think that is ideal.  A standard john tool (lion2john) to double base64
the input file, and then output this type of line:

user:$LION$salt$base16_hash

is probably the correct output for that tool to generate, and for the format
to validate and use.

Jim.
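
Added example, not part of the message above and not John the Ripper's code: a normaliser that accepts the representations floated in this thread (bare 136 hex digits, `$LION$` plus 136 hex digits, and `$LION$salt$base16_hash`) and emits a single canonical string. It assumes the 136 hex digits are a 4-byte salt followed by a 64-byte SHA-512 digest of salt plus password; the function names and the sample salt and password are hypothetical.

```python
import hashlib
import re

PREFIX = "$LION$"
SALT_HEX, DIGEST_HEX = 8, 128  # assumed layout: 4-byte salt + 64-byte SHA-512
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def canonical_lion(field):
    """Normalise one hash field to '$LION$' + 136 lowercase hex digits.

    Accepts bare 136 hex digits, '$LION$' + 136 hex digits, and the
    '$LION$salt$hash' layout. Raises ValueError on anything else.
    """
    body = field.strip()
    if body.startswith(PREFIX):
        body = body[len(PREFIX):]
    parts = body.split("$")
    if len(parts) == 2:  # salt$hash layout
        if len(parts[0]) != SALT_HEX:
            raise ValueError("salt must be 8 hex digits")
        body = parts[0] + parts[1]
    elif len(parts) != 1:
        raise ValueError("unexpected '$' separators")
    if len(body) != SALT_HEX + DIGEST_HEX or not HEX_RE.fullmatch(body):
        raise ValueError("expected 136 hex digits")
    return PREFIX + body.lower()


def split_lion(canonical):
    """Return (salt_bytes, digest_bytes) from a canonical string."""
    raw = bytes.fromhex(canonical[len(PREFIX):])
    return raw[:4], raw[4:]


def matches(field, password):
    """True if SHA-512(salt || password) equals the stored digest."""
    salt, digest = split_lion(canonical_lion(field))
    return hashlib.sha512(salt + password.encode("utf-8")).digest() == digest


# Constructed sample: salt and password are made up for this example.
SAMPLE_SALT = bytes.fromhex("0a1b2c3d")
SAMPLE_HEX = (SAMPLE_SALT + hashlib.sha512(SAMPLE_SALT + b"example-pw").digest()).hex()

if __name__ == "__main__":
    print("user:" + canonical_lion(SAMPLE_HEX))
    print(matches("$LION$" + SAMPLE_HEX[:8] + "$" + SAMPLE_HEX[8:], "example-pw"))
```

Normalising every accepted input to one string before comparison keeps the same account from appearing as several distinct hashes in an audit.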
