Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 30 Sep 2012 19:01:35 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: WebEdition CMS

On Sun, Sep 30, 2012 at 5:07 PM,  <jfoug@....net> wrote:
> Simply looking at that format script, I believe it would work fine. There is
> also ways a username can be used directly within dynamic instead.  However,
> since anyone using this would be fabricating the JtR input file, putting the
> username into a salt field would be just as easy as putting into the
> username field when building the file.

> Also, if a salt is used vs the username within dynamic, then there is a nice
> optimization that can be used to double the speed of the format. If you
> notice the base-16 MD5 of the salt (user name), is a static string. This can
> be pre-computed at load time, and done only once. This reduces the MD5 calls
> from 2 to 1 per password/salt trial.

Jim,

I have tried to implement what you said,

MySQL [webedition]> select username,md5(username),passwd,UseSalt from
tblUser where username="openwall";
+----------+----------------------------------+----------------------------------+---------+
| username | md5(username)                    | passwd
          | UseSalt |
+----------+----------------------------------+----------------------------------+---------+
| openwall | f2df0ddd3129c68b1ae7be05779ebeb3 |
14f8b3781f19a3b7ea520311482ce207 |       1 |
+----------+----------------------------------+----------------------------------+---------+

####################################################################
# DYNAMIC type for WebEdition CMS md5($p.PMD5(username))
# > select md5(username),passwd,UseSalt from tblUser
# PMD5(username), pre-computed md5 of username is salt
####################################################################
[List.Generic:dynamic_1012]
Expression=md5($p.PMD5(username)) (WebEdition CMS)
Flag=MGF_SALTED
Flag=MGF_SALT_AS_HEX
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$HEX$f2df0ddd3129c68b1ae7be05779ebeb3:openwall

However it fails self-test,

Benchmarking: dynamic_1012 md5($p.PMD5(username)) (WebEdition CMS)
[128/128 SSE2 intrinsics 10x4x3]... FAILED (get_hash[0](0)

Any tips to get it working?

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.