Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 2 Jun 2005 12:03:33 -0300 (ART)
From: "Alceu R. de Freitas Jr." <glasswalk3r@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: using John to crack MD5 password with more than 13 characters

Hello everybody,

I have an web application that uses MD5 and base64
encoding to protect users passwords. I would like to
run john against these passwords and check for weak
ones.

The problem is, when I try to simulate something like
the Linux shadow file, john complains that no password
was loaded.

I decided to make some testing using Perl:

C:\Documents and Settings\br04196>perl -MDigest::MD5
-e "$ctx=Digest::MD5->new;
$ctx->add('bunda'); print $ctx->b64digest"
VbDIbtdTJqQrekjD+/Z7rw

Then I created a new file with:

smithj:VbDIbtdTJqQrekjD+/Z7rw:10063:0:99999:7:::

It didn't work either. I tried using "hexdigest" and
"digest" from the same module, with the same result.

There is any way to use John the Ripper to help with
that?

Thanks,


__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger 
http://br.download.yahoo.com/messenger/ 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ