Date: Fri, 10 Mar 2006 14:59:30 +0100 From: Turko <granturko@...il.com> To: john-users@...ts.openwall.com Subject: Re: checking only first 5 characters of a md5 hash Thanks a lot for replies. On 3/10/06, Solar Designer <solar@...nwall.com> wrote: > > On Thu, Mar 09, 2006 at 11:43:40AM +0100, Turko wrote: > > My problem is this: I have only the first 5 characters of a md5 hash. > > Are those the first 5 characters of an ASCII encoding of an MD5 hash or > the first 5 bytes of an MD5 hash? They are taken from a php generated hash that I m using for locale tests on my webserver : $code = substr(base64_encode(md5($mykey)),0, 5); Is this a raw MD5 hash (typically encoded as a string of 32 hexadecimal > characters) or a FreeBSD-style MD5-based hash (typically encoded as a > string starting with the characters "$1$")? > > How do you know it's MD5? > > In fact, can you simply share those 5 characters with us? > Is it possible telling John to check only them during the crack? > > No. John normally operates on internal representations of hashes, not > on ASCII encodings (the ASCII encodings are decoded at load time) - so > making it operate on only certain characters of the encoding is > non-trivial. > > > I mean, is correct the idea that checking only the first 5 is better > then > > all others ? > > I don't understand this idea/question. > > > Many keys can be encrypted and having the same first 5 > > characters so it would be faster then cracking all 16 right? > > Yes, you might find a password that produces the right first 5 > characters or bytes quicker. This won't necessarily be the original > password. If the target system only checks those 5 characters or bytes, > then any password you can find in this way will be as good as the > original one. ok, is what I hope ; ) On the other hand, if the target system checks the entire MD5 hash - of > which you only have the first 5 characters of an ASCII encoding or the > first 5 bytes - then many or most passwords you might find won't work to > login to the system. > > With typical users' passwords, 5 characters of a hex-encoding (20 bits) > might not be enough to identify just the original password (and no other > realistic passwords producing the same 5 characters), whereas 5 bytes of > the hash itself (40 bits) will likely be enough. > > > How can I tell John to get the substring of the hash and checking only > its 5 > > chars? > > That would require a source code patch. is it hard to write? Maybe I can try...but how ? If you only need this done once, it might be quicker for you to write a > Perl script that would use Digest::MD5 and accept a stream of candidate > passwords on the standard input. Then use "john ... --stdout" to feed > candidate passwords to this Perl script. Mhhmmm, I m not an expert programmer as you can imagine...So the steps are: 1- Writing a script that receives ascii passwords from John, 2- encrypt them, 3- and then check the first 5 characters of the hash (right ?) .Thanks a lot. > -- > Alexander Peslyak <solar at openwall.com> > GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D > 3598 > http://www.openwall.com - bringing security into open computing > environments > > Was I helpful? Please give your feedback here: > http://rate.affero.net/solar > > -- > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply > to the automated confirmation request that will be sent to you. > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.