Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20221028133003.GA16587@openwall.com>
Date: Fri, 28 Oct 2022 15:30:04 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Cc: Matthias Apitz <guru@...xarea.de>
Subject: Re: using john to decrypt DES hashes

On Fri, Oct 28, 2022 at 02:31:41PM +0200, Matthias Apitz wrote:
> I have implemented this now in all our C-written application
> servers. The clear PIN is hashed by:
> 
>    hash = MakeCryptYescrypt(MakeCryptDes(PIN), NULL);
>    and the hash is stored in the database row for the user
> 
> The check if the PIN is correct entered is made by
> 
>    if (strcmp(hash, MakeCryptYescrypt(MakeCryptMakeCryptDes(PIN), hash)) == 0) {
>       /* PIN is good */
>    }   
> 
> This is all fine now.
> 
> The last problem to solve is, that also some Java-written application is
> doing the same encryption and checks and I can find any Java
> implementation of yescrypt. Before writing a NIF to a C-function, I
> wanted to ask the experts. If there is a better mailing list in
> openwall.com, please point me to this as well.

We definitely need to take this off the john-users list.  There is a
list for yescrypt:

https://www.openwall.com/lists/yescrypt/

It's mostly unused so far, but that shouldn't stop you from joining it
and starting to post there.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.