Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 20 Apr 2013 15:35:52 +0000 (UTC)
From: john user <johnuser1243@...oo.com>
To: john-dev@...ts.openwall.com
Subject: Re: Bug report: specific hex salted hash failure additional issue

jfoug <jfoug@...> writes:

> 
> This patch should correct this problem.
> 
> There were parts of the salt() function and function that does the internal
> salt unique code (dynamic has to do its own salt unique computations).
> 
> What this does is to ONLY adjust the salt types, IF there are supposed to be
> $$2, or $$U or $$F# values in the salt.  If the format does not have a use
> name listed, but there is a $$U found in the salt, it should be left alone.
> 
> From: john user Sent: Tuesday, April 16, 2013 16:12
> >
> >also can play with these 3 byte salt values below which are an issue to me.
> >
> >$Uc
> >$2O
> >$2S
> ...
> 
> 
> Attachment (JtR_Bleeding_Dynamic_Salt2_UserID_Salt_Bug.patch):
application/octet-stream, 3212 bytes

Thank you for the updates.
Much better results with this patch included.
can I report another salted hash issue found however.

$dynamic_1007$413fc6e2e1e92ca167b58391768901dc$HEX$3a322c:,:@ 

md5(md5($p).$s)

$p ,:@
$s :2,

john --wordlist=mywords --format=dynamic_1007 inhashes.txt
Loaded 1 password hash (dynamic_1007 md5(md5($p).$s) (vBulletin) [128/128
SSE2 intrinsics 10x4x3])
guesses: 0  time: 0:00:00:00 DONE (Sat Apr 20 10:24:57 2013)  c/s: 50.00 
trying: ,:@

cat mywords
,:@ 

cat inhashes.txt
413fc6e2e1e92ca167b58391768901dc$HEX$3a322c


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ