Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sat, 26 Feb 2011 11:58:41 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: md5_gen(0) broken for ages?

On 02/26/2011 02:20 AM, jfoug wrote:
> It is no different than taking a line like
>
> User:abcdef0123456789abcdef0123456789
>
> And calling john with john -format=md5a inputfile.in
>
> and expecting the above line in the input file to be 'used'.
> It will not be used, because md5a has a specific format, and
> That hash does not match it.  If a hash does not start with the
> $1$ when md5a will never choose that line. Same for md5_gen(0)

OK, that makes sense. But there is a difference: You will never find 
hashes "in the wild" prepended with md5gen(n).

Sometimes you have to guess format just based on hash length and hope 
that a weak password will reveal what it is. Unless you can iterate over 
the --subformat option, you have to modify the hash file for each try.

So let me re-phrase it as a low-prio enhancement request. Would it be 
possible to have it accept bare hashes [of correct length etc] if 
--subformat was given, or could this introduce other problems?

thanks
magnum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ