Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 Jul 2005 13:45:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: understanding the encryption method

This was already answered by Ikari (thanks!), but I'll provide more
precise answers:

On Fri, Jul 01, 2005 at 05:52:06AM -0700, Lyn Scott wrote:
> I have an OpenUnix 8.0.0 box and i am trying to check
> the /etc/shadow. I have an user (e.g something like
> this user_1:ThnJx./KPgulI) so am i rigth if i suppose
> that crypt/DES is used ('cause the string is 13 char
> long/with Th is my Salt).

Yes.

> When i check the john.pot it
> gives me a result for my usrer_1 (e.g my_passw). But
> my real password for user_1 is not my_passw but
> my_passwd. So how can you use john for password longer
> as 8 char (using crypt/DES).

The traditional DES-based crypt(3) hashes discard characters past 8.
This means that your password really _is_ "my_passw" (using your
example), even if you think that it is "my_passwd".  The last "d" was
discarded when you first set that password, and it is discarded each
time you enter it on login (so you could as well not type that character,
or type something different).

> I have another question... I have another Linux box
> (Suse9.2) The /etc/shadow is encrypted using BlowFish.
> How can I recognize if the Password is encrypted using
> BlowFish or DES.

The bcrypt (Blowfish-based) password hashes are encoded like this:

$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui

It's the "$2a$" which indicates bcrypt.  If the encoding starts with
anything different (e.g., with "$1$"), then it is not bcrypt.  ("$1$"
would correspond to the FreeBSD-derived MD5-based hashing method.)

When you run John on a password file, it will autodetect the first hash
type that it sees and recognizes.  It will tell you what that is.  If
you happen to have multiple hash types mixed within a single password
file, you'd need to use the "--format=..." option to have John try the
other hash types.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ