Date: Thu, 9 Mar 2006 13:42:29 +0100 (CET) From: rembrandt@...erlin.de To: john-users@...ts.openwall.com Subject: Re: checking only first 5 characters of a md5 hash > Maybe I didn't explained in a good way (sorry for my english) : > the first 5 chars are not of the password, but they are the first 5 of the > md5 HASH. Yes but that wont change anything I guess. but solar is able to answer this more precise I guess. > with "abc123" ? Is this way faster then crack the entire HASH right? > (abc123 Yes it is but... > can correspond to first part of many different hashes -> many possible > passwords -> the first I find is good) . You mean collision One hash -> many plaintext results > Is correct the idea? Becouse I don't know how the md5 algorithm works > exactly.... As far as I know MD5 used by login uses Salts too to prevent such htings. But the problem si the same: if you know the first letters of the hash or the password: You would need to know the entry MD5-Table because john can`t (as far as I know) reduce the keyspace (and this is a reducing) by known plaintext/cyphertext. For that you may need a precalculated MD5-Table to take a look where the keyspace ends or begins. Maybe this can be done also without such a Table but john would have to pre-calculate the limited keyspace first to know how many Passwords should be tried. THis would be possible if the algorithm would be used vice versa. I`m not that expert so I hope solar will answer too. Kind regards, Rembrandt
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.