[prev in list] [next in list] [prev in thread] [next in thread] 

List:       john-users
Subject:    Re: [john-users] using john to decrypt DES hashes
From:       Solar Designer <solar () openwall ! com>
Date:       2022-10-28 13:30:04
Message-ID: 20221028133003.GA16587 () openwall ! com
[Download RAW message or body]

On Fri, Oct 28, 2022 at 02:31:41PM +0200, Matthias Apitz wrote:
> I have implemented this now in all our C-written application
> servers. The clear PIN is hashed by:
> 
>    hash = MakeCryptYescrypt(MakeCryptDes(PIN), NULL);
>    and the hash is stored in the database row for the user
> 
> The check if the PIN is correct entered is made by
> 
>    if (strcmp(hash, MakeCryptYescrypt(MakeCryptMakeCryptDes(PIN), hash)) == 0) {
>       /* PIN is good */
>    }   
> 
> This is all fine now.
> 
> The last problem to solve is, that also some Java-written application is
> doing the same encryption and checks and I can find any Java
> implementation of yescrypt. Before writing a NIF to a C-function, I
> wanted to ask the experts. If there is a better mailing list in
> openwall.com, please point me to this as well.

We definitely need to take this off the john-users list.  There is a
list for yescrypt:

https://www.openwall.com/lists/yescrypt/

It's mostly unused so far, but that shouldn't stop you from joining it
and starting to post there.

Alexander
[prev in list] [next in list] [prev in thread] [next in thread]