Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 23 Dec 2010 15:36:34 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: Identifying hashes

2010-12-22 23:03, Dan Tentler wrote:
> I've been perusing though the hashes in the gawker release and I found a
> hash style I've been unable to identify. Can any of you guys put your
> finger on what style of hash this is? It's that $2a$10 in there that
> gets me...
>
> <user>:f2UmwcltELO.U:$2a$10$uD7hFnbqNxF1iFTanZZmr.aLPfqGDdOE7e96wNdnGQsMOdNZh3ueK

Try putting that hash after the first delimiter instead of the des hash, 
and JtR will properly identify them as BF (OpenBSD blowfish). They are 
extremely slow, just trying one single cleartext against all hashes will 
take minutes. It seems to be OMP enabled in JtR though I never saw it 
mentioned.

I believe they will end up the same password as the corresponding des 
hash when both are available but I haven't confirmed it. They will not 
be truncated at seven bits and length 8 though, so they would sometimes 
need mangling from the des password, somewhat like NT vs LM cracking.

magnum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ