Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Jun 2005 17:20:15 +0200
From: Denis Ducamp <Denis.Ducamp@...ar.org>
To: john-users@...ts.openwall.com
Subject: Re: using John to crack MD5 password with more than 13 characters

On Thu, Jun 02, 2005 at 12:03:33PM -0300, Alceu R. de Freitas Jr. wrote:
> Hello everybody,

Hi,

> I have an web application that uses MD5 and base64
> encoding to protect users passwords. I would like to
> run john against these passwords and check for weak
> ones.
[...]
> There is any way to use John the Ripper to help with
> that?

By default john only knows about "Unix'md5" not raw md5. You have to apply
the raw-md5 patch and try with --format=rawMD5.

The format of the password should be the same as the one from openssl :
$ echo -n bunda | openssl md5
55b0c86ed75326a42b7a48c3fbf67baf
  
Have fun,

Denis.

-- 
http://www.groar.org/enough/bushit.jpg

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ