Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Mar 2012 11:29:08 -0600
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: Issue with dynamic format scripting

Here is the patch file.  ALSO, you need to change your script to this. The
\n needs to be \x0A

[List.Generic:dynamic_1401]
Expression=md5($u.\nskyper\n.$p) [Skype MD5]
Flag=MGF_USERNAME
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_userid
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__append_keys
Func=DynamicFunc__crypt
CONST1=\x0Anskyper\x0A
Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f7:password:username
Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f7$$Uusername:password

The 'issue' with requiring a spurious MGF_SALTED was removed. The usage of
the MGF_USERNAME also includes the SALTED flag, so it is not needed to be
separately placed in a script any more. 

>From: jm@...izoku.org [mailto:jm@...izoku.org] On Behalf Of Jean-Michel
>
>[List.Generic:dynamic_1401]
>Expression=md5($u.\nskyper\n.$p) [Skype MD5]
>Flag=MGF_USERNAME
>Func=DynamicFunc__clean_input
>Func=DynamicFunc__append_userid
>Func=DynamicFunc__append_input1_from_CONST1
>Func=DynamicFunc__append_keys
>Func=DynamicFunc__crypt
>CONST1=\nskyper\n
>Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f7:password:username
>Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f7$$Uusername:password
>
>
>Additional test vectors can be computed directly in bash:
>echo -ne "username\nskyper\npassword" | md5sum
>
>I remember a post of Nicolas Ruff having almost the same issue few
>months ago. His case was solved by adding the MGF_SALTED flag to the
>format even if there is no salt. But it did not work in my case. The
>flag MGF_NOTSSE2Safe did not help neither.


[ CONTENT OF TYPE application/octet-stream SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ