Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 25 Sep 2011 23:05:04 +0400
From: Solar Designer <>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

Jim -

On Sun, Sep 25, 2011 at 02:00:17PM -0500, JFoug wrote:
> I think we need to make sure the signatures are 'right'.  It sounds like 
> the find user signature may not be correct yet.  I have no way at all of 
> knowing, since I can not generate test plist files.

These are hacks that might break any time - for both hash and username.

For the username, it's more of a hack - we're not actually extracting
the username field (since this would take more advanced parsing of the
file); we're instead extracting the likely username from another field
(some Kerberos related stuff, I think).

Yet I think it's reasonable for now.  And we also need a more reliable
script/program, which would have extra dependencies (e.g. not just Perl,
but also CPAN modules).  We can include both.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.