Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 19 Aug 2012 00:30:54 +0800
From: myrice <>
Subject: Re: [john-users] Salted MD5 (was: Salted MD5 cracking problems)

On Sun, Aug 19, 2012 at 12:26 AM, myrice <> wrote:
> Solar,
> (Sorry for not see your irc message)
> On Mon, Aug 13, 2012 at 11:45 PM, Vladimir Vorontsov
> <> wrote:
>>> How many of these do you need to try cracking?  Is the salt length
>>> fixed (at 8?) or variable?  In fact, is the salt value fixed or do
>>> you have multiple per-hash salts?  What cracking mode(s) would you
>>> prefer to use?
>> Salt length is fixed and can be 2 bytes (osCommerce) or 8 bytes
>> (Bitrix and some another). I'm never seen anothers lengths. But it is
>> possible in self-coded web-applications, not CMS.
>> Salt value is not fixed always. We have unique salt per hash.
> Do we implement 2bytes salt and 8bytes as separate format?
> What will the format ciphertext like? If we have two salt length in
> one, I think we could:
> "$SaltMD5o$123456$c02e8eef3eaa1a813c2ff87c1780f9ed","test1"
> and
> "$SaltMD5b$123456$c02e8eef3eaa1a813c2ff87c1780f9ed","test1"
> Thanks
> myrice

Oh, the salt length is wrong. It should be:
"$SaltMD5o$1234$4a2a1b013da3cda7f7e0625cf3dc3f4c","thatsworking" for 2
bytes salt
"$SaltMD5b$1234567890123456$======hash=======", "plaintext" for 8bytes salt


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ