Date: Mon, 10 Nov 2008 10:22:03 +0100
From: Simon Marechal
Subject: Re: MD5 cracking - finding out substring

JoHnY wrote:
> Hello all,
> I have a problem which someone might be able to help me with.
> First let me explain what I am trying to accomplish.
> I have an MD5 hash of 52-character string (generated by PHP's md5() function), most of the string is known to me, the only parts of the string which are unknown and thus I am trying to find out, are just two substrings, one 4-character long substring at one position of the string and one 3-character long substring at another position (both positions are fixed), both substrings containing just numbers, so theoretically it's a very easy and quick job for john. 
> Now, what is the problem and what I want to find out.
> I have patched john with Raw-MD5 patch, compiled john, Raw-MD5 works fine. First question is, is Raw-MD5 correct for cracking MD5 from within PHP's md5() function? I assume it is, but just want to make sure.
> I have put the known part of the string to the wordlist (so it is the only string in the wordlist) and created a wordlist rule to insert digits at the position of the unknown parts of the string. The rule looks like this:
> li2[0-9]li3[0-9]li4[0-9]li5[0-9] li7[0-9]li8[0-9]li9[0-9]
> Everything would be fine up to this point, but the problem is that john somehow can't handle more than 32-character passwords (or the Raw-MD5 patch can't), so the 52-character long string gets cut. I have tried to increase the PLAINTEXT_LENGTH define in rawMD5_fmt.c, but it didn't help.
> However, what's strange to me, is that when I run john with --stdout option so that it only outputs all passwords to be tried to standard output, it prints the whole 52-character strings, but when I let him crack it, it cuts the passwords he tries to 32 bytes (when I abort john, it outputs the last tried password and it's cut to 32 characters).
> Does anyone know what to change in john's sources to be able to try the string longer than 32 characters?


The raw-md5 is indeed the right patch. You might want to alter
rawMD5_fmt.c, and change the PLAINTEXT_LENGTH parameter, then recompile.

However I believe it would be faster to do it in PHP, as there are only
10^7 possibilities.
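
Added example, not part of the original message or of John the Ripper: a direct search over the 10^7 digit combinations discussed above, written in Python rather than PHP (`hashlib.md5(...).hexdigest()` yields the same hex string as PHP's `md5()` for the same bytes). The known substrings, the digit values and the function names are constructed for illustration; hashing the known prefix once and copying the state avoids any candidate-length limit and repeated work.

```python
import hashlib
from itertools import product

DIGITS = "0123456789"

def build(prefix, first, middle, second, suffix):
    """Assemble one candidate: known bytes with the two digit runs inserted."""
    return prefix + first.encode() + middle + second.encode() + suffix

def recover_digits(target_hex, prefix, middle, suffix, widths=(4, 3)):
    """Return (first, second) reproducing target_hex, or None if no candidate matches."""
    target = bytes.fromhex(target_hex)
    base = hashlib.md5(prefix)              # known prefix is hashed only once
    for a in product(DIGITS, repeat=widths[0]):
        first = "".join(a)
        outer = base.copy()
        outer.update(first.encode() + middle)
        for b in product(DIGITS, repeat=widths[1]):
            second = "".join(b)
            inner = outer.copy()
            inner.update(second.encode() + suffix)
            if inner.digest() == target:
                return first, second
    return None

# Constructed sample (not from the thread): 17 + 4 + 9 + 3 + 19 = 52 bytes.
PREFIX = b"user=alice&token="
MIDDLE = b"&session="
SUFFIX = b"&ts=1226308923&v=02"
SAMPLE_HASH = hashlib.md5(build(PREFIX, "0042", MIDDLE, "917", SUFFIX)).hexdigest()

if __name__ == "__main__":
    print(recover_digits(SAMPLE_HASH, PREFIX, MIDDLE, SUFFIX))
```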
