Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 19 Aug 2012 00:26:12 +0800
From: myrice <qqlddg@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: [john-users] Salted MD5 (was: Salted MD5 cracking problems)

Solar,

(Sorry for not see your irc message)

On Mon, Aug 13, 2012 at 11:45 PM, Vladimir Vorontsov
<vladimir.vorontsov@...ec.ru> wrote:

>> How many of these do you need to try cracking?  Is the salt length
>> fixed (at 8?) or variable?  In fact, is the salt value fixed or do
>> you have multiple per-hash salts?  What cracking mode(s) would you
>> prefer to use?
>
> Salt length is fixed and can be 2 bytes (osCommerce) or 8 bytes
> (Bitrix and some another). I'm never seen anothers lengths. But it is
> possible in self-coded web-applications, not CMS.
> Salt value is not fixed always. We have unique salt per hash.
>

Do we implement 2bytes salt and 8bytes as separate format?

What will the format ciphertext like? If we have two salt length in
one, I think we could:

"$SaltMD5o$123456$c02e8eef3eaa1a813c2ff87c1780f9ed","test1"
and
"$SaltMD5b$123456$c02e8eef3eaa1a813c2ff87c1780f9ed","test1"

Thanks
myrice

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ