Added hash-mode: Citrix NetScaler (PBKDF2-HMAC-SHA256) #3984
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Reviewing some other modules that also use PBKDF2-HMAC-SHA256, I can see that creating a 'new' kernel for this is redundant. The only reason I could see to actually implement and use a new kernel would be to take advantage of the fixed length of the salt/digest values but in my (admittedly amateur) attempts to make these changes I didn't see any performance benefits. I'll push a change to use the existing 10900 kernel instead of adding a new one. |
removing redundant new kernel
|
Consolidated this to use the existing PBKDF2-HMAC-SHA256 kernel, 10900 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here's code for a new hash-mode. It handles Citrix NetScaler's most recent (since 13.1) local system user password hashing scheme, PBKDF2-HMAC-SHA256 with 2500 rounds.
This is an extension of work done by my colleague @dru1d-foofus and I. You can find some additional background and documentation : here
As a quick summary, this is basically a re-worked implementation of the existing hash mode 10900. The kernel is essentially unchanged and the module has been modified to reflect the the different token parsing scheme and input type (hex instead of base64). I've also made some changes to buffer sizes to reflect the static length of the salt.
I've tested this on a handful of manually generated hashes pulled from a Citrix NetScaler appliance and it works as expected on an OpenCL cpu-based platform, as well as a CUDA-driven gpu-based platform.
Thanks!