Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Jan 2008 18:25:02 -0500
From: "Steve ......" <>
Subject: Re: What type of passwords does john crack?

> If these are indeed HMAC MD5 hashes and you have the nonce associated
> with the hash, you can use a program called mdcrack available at
>  or try the John the Ripper patch from bartavelle at

yeah I just downloaded mdcrack a few hours prior..  unfortenuly I dont have
the nonce if it is a random string on every occurence..
I dont program in php but heres the code.. actually it looks like if "$key"
is the "nonce" then the nonce is only chr(0x36) repeated?.. I dont know Im
guessing at this point.. im sure that cant be right.

// MD5 Encryption

function md5_hmac($data, $key)


if (strlen($key) > 64)

$key = pack('H*', md5($key));

$key = str_pad($key, 64, chr(0x00));

$k_ipad = $key ^ str_repeat(chr(0x36), 64);

$k_opad = $key ^ str_repeat(chr(0x5c), 64);

return md5($k_opad . pack('H*', md5($k_ipad . $data)));


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.