==== Todo ==== Internal Changes ---------------- * C extensions to speed up some implementations Other Hash Formats ------------------ * generic raw digests encoded as hex * FSHP (a pbkdf1 variant) https://github.com/bdd/fshp * rfc2307 format hashes http://tools.ietf.org/html/rfc2307 * Mac OSX hash formats * SCrypt http://www.tarsnap.com/scrypt.html https://bitbucket.org/mhallin/py-scrypt/src * Oracle Hashes http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/ * Any other PBKDF1/2 variants some backend notes - http://www.di-mgt.com.au/cryptoKDFs.html * Check list of hashes on http://openwall.info/wiki/john/sample-hashes Notes on Mac OSX hash formats ============================= Summary of info from http://www.dribin.org/dave/blog/archives/2006/04/28/os_x_passwords_2/ osx < 10.2 used /etc/passwd w/ DES-CRYPT osx 10.3 hash file (passwd "macintosh") D47F3AF827A48F7DFA4F2C1F12D68CD6 <-- nthash 08460EB13C5CA0C4CA9516712F7FED95 <-- lmhash 01424f955c11f92efef0b79d7fa3fb6be56a9f99 <-- sha1 osx 10.4 hash file (passwd "macintosh") 00000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 000000000E6A48F765D0FFFFF6247FA80D748E615F91DD0C7431E4D9000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 00000000000000000000000000000000000000000000000000000000000000000000000000000000\ 0000000000000000000000000000000000000000 offset 0-64 - nt hash + lm hash OR all zeros offset 64 - 40 chars - raw sha1 password OR all zeroes (if from upgraded from 10.3) offset 169-216 ( 48 chars) - salted sha1 hash - unhex first 8 chars + password | sha1 -> hexdigest