Date: Sat, 11 Mar 2006 12:04:13 +0300
From: Solar Designer <>
Subject: Re: checking only first 5 characters of a md5 hash

On Sat, Mar 11, 2006 at 08:49:08AM +0100, Turko wrote:
[38 lines of context removed]
> OK

Please try to not quote irrelevant context in your responses.  You did
not need to quote all those many lines just to say "OK".

I wrote:
> > <?php
> > $mycode = "ZTNlM";
> > $mykey = "a";
> > while (1) {
> >         $code = substr(base64_encode(md5($mykey)), 0, 5);
> >         if ($code == $mycode) break;
> >         $mykey++;
> > }
> > print "$mykey\n";
> > ?>
> >
> > Please note that this loop may run forever in case $mycode is set to a
> > string not produced by the $code = ... line from your message.
> Thanks a lot. I'm trying this (easy) script. Of course I had to set up
> php.ini in "Maximum execution time" (30 seconds by default).
> Now is 10 hours it works, but nothing.

There's no point in running this for more than a few seconds.  If it
does not crack a password, then $mycode is not set to a string produced
by the $code = ... line.

> I'm sure that $mycode is an existing part of the hash.

...existing "part of the hash" or "the first 5 characters of base64
encoding of hex encoding of the MD5 hash"?  Obviously, the script will
only crack the latter.

> How can I calculate the amount of time I need (theory)?

It should be under 1 second.

As I have mentioned, the $code = ... line can only produce a little over
20,000 different values[1].  If you search this many candidate passwords,
you have a 63% probability[2] of finding a suitable one.  If you search
even further, the probability quickly approaches 100%.  On a 1 GHz x86
system with PHP 5, the above script can search around 40,000 candidate
passwords per second - so the probability of finding a password is around
85% after 1 second and around 98% after 2 seconds[3].

[1,2,3] I've omitted the detail behind these calculations.  I think you
want to get the overall picture before you likely get confused with the
detail.  Besides, this has little to do with John the Ripper.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:
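
Added example, not part of the original message: one way to reproduce the figures quoted above, written in Python rather than PHP. It enumerates every value that the first 5 characters of base64(hex MD5) can take, computes the hit probabilities under the assumption that all values are equally likely, and runs the same search with a reachability check so it cannot loop forever. The function names and the "AAAAA" test value are constructed for this illustration.

```python
import base64
import hashlib
import itertools
import string
from collections import Counter

HEX = "0123456789abcdef"

def code_for(key):
    """Python equivalent of PHP substr(base64_encode(md5($key)), 0, 5)."""
    hexdigest = hashlib.md5(key.encode()).hexdigest()
    return base64.b64encode(hexdigest.encode()).decode()[:5]

def output_space():
    """Every reachable code, with the number of 4-hex-digit prefixes mapping to it."""
    # 5 base64 characters carry 30 bits: three whole hex characters of the
    # digest plus the top 6 bits of the fourth, so 4 hex digits decide the code.
    return Counter(
        base64.b64encode("".join(p).encode()).decode()[:5]
        for p in itertools.product(HEX, repeat=4)
    )

def hit_probability(tries, n_values):
    """P(at least one match in `tries` candidates), treating codes as equally likely."""
    return 1.0 - (1.0 - 1.0 / n_values) ** tries

def candidates():
    """a, b, ..., z, aa, ab, ...: the order PHP's $mykey++ walks from "a"."""
    for length in itertools.count(1):
        for letters in itertools.product(string.ascii_lowercase, repeat=length):
            yield "".join(letters)

def crack(target, space, limit=2_000_000):
    """Return a key whose code equals target, or None instead of looping forever."""
    if target not in space:
        return None  # not a possible output of code_for(); no key exists
    for key in itertools.islice(candidates(), limit):
        if code_for(key) == target:
            return key
    return None

if __name__ == "__main__":
    space = output_space()
    n = len(space)
    print("distinct codes:", n)
    for tries in (n, 40_000, 80_000):
        print(f"{tries} tries: {hit_probability(tries, n):.1%}")
    print("ZTNlM ->", crack("ZTNlM", space))
    print("AAAAA ->", crack("AAAAA", space))  # constructed, unreachable value
```

The codes are not exactly equally likely (the fifth character groups the 16 hex digits unevenly), so the percentages are approximations of the same kind as those in the message.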
