Date: Wed, 19 Feb 2014 19:39:50 +0100
From: Miguel Sánchez <m.s.martiarena@...il.com>
To: john-dev@...ts.openwall.com
Subject: Increase format length limit

Hi guys,

I have the following issue while running some tests.
In this case I'm going to focus on the MD5(Unix) format.

1- We generate a list with passwords of different lengths
# cat unix.passwords
MySuperLongPass
MySuperLongPass1
MySuperLongPass12

# for pass in $(cat unix.passwords); do echo -n $pass | wc -c ; done
15
16
17

2- We get the hash for those passwords
# for i in $(cat unix.passwords); do mkpasswd -m md5 $i ; done > unix.dump

# cat unix.dump
$1$pb1wA1a.$kRdbZI/yxlmXznQu6NGK00
$1$Ld65A154$BkP8UOD1lYwwqaI8.r3NV.
$1$2t.NmrOR$VlOh58.qAgKwo.dSw33Ct0

3- We crack them using a wordlist attack
# john unix.dump -w=unix.passwords
Loaded 3 password hashes with 3 different salts (FreeBSD MD5 [128/128 SSE2
intrinsics 12x])
MySuperLongPass  (?)
guesses: 1  time: 0:00:00:00 DONE (Wed Feb 19 19:30:25 2014)  c/s: 42.85
 trying: MySuperLongPass
Use the "--show" option to display all of the cracked passwords reliably

4- We try to force john to crack the passwords which have a bigger length
# john unix.dump -w=unix.passwords --length=18
Can't set length larger than 15 for md5 format

This limit seems to be defined in the file *src/MD5_fmt.c*, which contains
the following line:

#define PLAINTEXT_LENGTH                15

If I change this line to, e.g., 16 and recompile the program, it crashes:

# ./john unix.dump -w=unix.passwords
Loaded 3 password hashes with 3 different salts (FreeBSD MD5 [128/128 SSE2
intrinsics 12x])
Self test failed (get_hash[0](1))


So it seems that I have to change more code, but I don't know where it is.
Has anyone tried to do this before? Even with another format, it would be
very helpful.

Thank you!
Regards,
M
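
Added example, not part of the original message and not John the Ripper code: a plain md5crypt ($1$) implementation that records the longest message it passes to MD5, applied to the passwords and salts from unix.dump. It assumes (the message does not say this) that the 15-character limit exists because the SSE2 code hashes a single 64-byte MD5 block, which holds at most 55 message bytes; the names md5crypt, to64 and max_single_block_length are hypothetical.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ORDER = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
SINGLE_BLOCK_MAX = 55  # 64-byte block minus the 0x80 pad byte and 8-byte length

def to64(v, n):
    """Encode the low 6*n bits of v, least significant group first."""
    return "".join(ITOA64[(v >> (6 * k)) & 0x3F] for k in range(n))

def md5crypt(password: bytes, salt: bytes):
    """Return (crypt string, length of the longest message given to MD5)."""
    longest = 0
    def md5(msg):
        nonlocal longest
        longest = max(longest, len(msg))
        return hashlib.md5(msg).digest()
    alt = md5(password + salt + password)
    ctx = password + b"$1$" + salt + (alt * (len(password) // 16 + 1))[:len(password)]
    n = len(password)
    while n:  # one byte per bit of the password length
        ctx += b"\0" if n & 1 else password[:1]
        n >>= 1
    final = md5(ctx)
    for i in range(1000):  # the stretching loop
        msg = password if i & 1 else final
        if i % 3:
            msg += salt
        if i % 7:
            msg += password
        final = md5(msg + (final if i & 1 else password))
    out = "".join(to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in ORDER)
    return "$1$" + salt.decode() + "$" + out + to64(final[11], 2), longest

def max_single_block_length(salt: bytes) -> int:
    """Longest password for which every MD5 input still fits in one block."""
    length = 0
    while md5crypt(b"x" * (length + 1), salt)[1] <= SINGLE_BLOCK_MAX:
        length += 1
    return length

if __name__ == "__main__":
    # Passwords from unix.passwords, salts from unix.dump in the message above
    for pw, salt in ((b"MySuperLongPass", b"pb1wA1a."),
                     (b"MySuperLongPass1", b"Ld65A154"),
                     (b"MySuperLongPass12", b"2t.NmrOR")):
        h, longest = md5crypt(pw, salt)
        fits = "one block" if longest <= SINGLE_BLOCK_MAX else "two blocks"
        print(len(pw), longest, fits, h)
    print("single-block limit:", max_single_block_length(b"pb1wA1a."))
```

Running it prints, for each password, the longest MD5 input and the computed hash, which can be compared with the matching line of unix.dump.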
