Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sat, 20 Mar 2010 00:48:30 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Unsalted passwd

On Fri, Mar 19, 2010 at 10:26:55PM +0100, ph3arconf@...il.com wrote:
> I found that this passwd line is unsalted.
> 
> root:$1$$1lqCUxARG7RZxCqf2/VNV0:0:0:root:/root:/bin/ash
> 
> and JtR detects it as (FreeBSD MD5 [32/64 X2])

That's correct.  The fact that it uses an empty salt is of no benefit to
you unless you have multiple hashes like this, in which case you'd have
matching salts and thus higher effective c/s rate.

> However If I keep only this part lqCUxARG7RZxCqf2

Why do this?

> which is the actual hash(?)

No, it is not.  It is a portion of the hash encoding string.

> JtR will detect this as (PIX MD5 [pix-md5])
> 
> Is this correct or I'm completely wrong?

The latter.  JtR with the jumbo patch supports a lot of hash types, some
of which use fairly generic encodings, so mis-detection is quite
possible, especially if you actively try to edit your strings until you
get a "match" of the encoding type against that used by one or more of
the supported hash types.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ