Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 06 Sep 2007 00:58:01 +0200
From: Michal Luczaj <>
Subject: Re: Lotus Domino 6 and 7 multiple hash formats... Can
 JtR crack?

Danett song wrote:
> <input name="$dspHTTPPassword" type="hidden"
> value="(GFmjA4YmP9C05vHn09gI)">
> Is this format a new format? Not anymore based in RC4?
> Can JtR Break this format (with which module and any
> link or example?)? I tried Lcrack and Lotus Hash
> Breaker WITHOUT sucess. :(

Right, this seems to be a typical Domino salted hash. And, yes, there is
a patch for John (at least one) to handle those, you can easy find it on
the main page of John the Ripper project: .

Or, even better, you can download jumbo patch set (which contains this
and many more modules; yet again, available from John's web page...
which is

You might want to search john-users MARC archives (for "domino hash") to
find some more details about Domino hashing functions here: .

Unfortunately, I can not help you with meanings of $dspPasswordDigest
and $dspNetUserName although they might represent Domino saltless
hashes. Just give it a try (John's format name: lotus5, also in the
jumbo pack).

Hope it helps,

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ