Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 19 Aug 2012 00:30:54 +0800
From: myrice <qqlddg@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: [john-users] Salted MD5 (was: Salted MD5 cracking problems)

On Sun, Aug 19, 2012 at 12:26 AM, myrice <qqlddg@...il.com> wrote:
> Solar,
>
> (Sorry for not see your irc message)
>
> On Mon, Aug 13, 2012 at 11:45 PM, Vladimir Vorontsov
> <vladimir.vorontsov@...ec.ru> wrote:
>
>>> How many of these do you need to try cracking?  Is the salt length
>>> fixed (at 8?) or variable?  In fact, is the salt value fixed or do
>>> you have multiple per-hash salts?  What cracking mode(s) would you
>>> prefer to use?
>>
>> Salt length is fixed and can be 2 bytes (osCommerce) or 8 bytes
>> (Bitrix and some another). I'm never seen anothers lengths. But it is
>> possible in self-coded web-applications, not CMS.
>> Salt value is not fixed always. We have unique salt per hash.
>>
>
> Do we implement 2bytes salt and 8bytes as separate format?
>
> What will the format ciphertext like? If we have two salt length in
> one, I think we could:
>
> "$SaltMD5o$123456$c02e8eef3eaa1a813c2ff87c1780f9ed","test1"
> and
> "$SaltMD5b$123456$c02e8eef3eaa1a813c2ff87c1780f9ed","test1"
>
> Thanks
> myrice

Oh, the salt length is wrong. It should be:
"$SaltMD5o$1234$4a2a1b013da3cda7f7e0625cf3dc3f4c","thatsworking" for 2
bytes salt
and
"$SaltMD5b$1234567890123456$======hash=======", "plaintext" for 8bytes salt

Thanks
myrice

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ