john-users - RE: JTR and format md5

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Dec 2009 11:31:44 -0600
From: "Jim" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: JTR and format md5_gen

From: SL [mailto:auditor@...chat.de] 

>md5_gen(7) is md5(md5($p).$s) with a fixed 3-byte salt, if I remember  
>correctly (Jim?).
>For any other md5(md5($p).$s) hash, you should use md5_gen(6).

md5_gen(6) and md5_gen(7) are the same thing, however, the md5_gen(7) 
adds a couple of extra 'validations' when parsing an input line:

First, it stipulates that the salt MUST be 3 and only 3 characters
(shorter or longer will NOT be loaded).  

Second, it will FORCE you to use a different separator char, since
the ':' IS a valid salt character in vBulletin hash/salt pairs, 
and you WILL see them all the time for normal input.

But other than those 2 extra validations, 6 and 7 are the same. You
can use md5_gen(6) to crack vbulletin hashes just fine.  It simply
will not 'hold your hand' validating that salts are 3 bytes, and that
you are properly splitting up the fields.

>IPB2 uses md5(md5($s).md5($p))), so you'd want to use md5_gen(12).
>
>Same procedure as before:
>user[tab]md5_gen(12)HASH$salt
>
>* TAB is field separator
>* $ is salt separator
>* md5_gen(12) is hash type identifier

The only time you 'have' to use a character other than the 'default' 
: as a line separator, is IF the format (the hash, or the salt, or the
user names, or other gecos fields) contain ':' characters.  That is WHY
I added the ability to set it to something else.  You can ALWAYS use a
different separator character and things 'will' work, but there is no
reason you 'have' to use a different character.