Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <019101cd8140$95c9c1d0$c15d4570$@net>
Date: Thu, 23 Aug 2012 10:04:24 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: Is there any patch to crack MySQL Network auth?

This is not a simple fix. I am not sure I would be able to get this out for
the current jumbo, but can get changes in to a future version.  Yes, the
only 'raw' methods work with fixed md5 (md4) sized crypt buffers.

>From: Solar Designer [mailto:solar@...nwall.com]
>
>Jim -
>
>On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote:
>> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote:
>> > Need to brute that:
>> > SHA1(salt + SHA1(SHA1($password)))
>>
>> I guess you could use dynamic for that (doc/DYNAMIC in jumbo).
>
>I briefly looked into implementing this as a dynamic, however we appear
>to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6).
>Specifically, I couldn't find a way to reuse raw (as opposed to
>hex-encoded) output of SHA-1 for another SHA-1 computation.
>
>Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that
>this is not currently possible (and make it possible in a later
>version).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.