Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Jun 2005 12:03:33 -0300 (ART)
From: "Alceu R. de Freitas Jr." <glasswalk3r@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: using John to crack MD5 password with more than 13 characters

Hello everybody,

I have an web application that uses MD5 and base64
encoding to protect users passwords. I would like to
run john against these passwords and check for weak
ones.

The problem is, when I try to simulate something like
the Linux shadow file, john complains that no password
was loaded.

I decided to make some testing using Perl:

C:\Documents and Settings\br04196>perl -MDigest::MD5
-e "$ctx=Digest::MD5->new;
$ctx->add('bunda'); print $ctx->b64digest"
VbDIbtdTJqQrekjD+/Z7rw

Then I created a new file with:

smithj:VbDIbtdTJqQrekjD+/Z7rw:10063:0:99999:7:::

It didn't work either. I tried using "hexdigest" and
"digest" from the same module, with the same result.

There is any way to use John the Ripper to help with
that?

Thanks,


__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger 
http://br.download.yahoo.com/messenger/ 

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ