Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2009 05:10:08 -0600
From: Billy Newsom <>
Subject: md5 hash with a salt? Format?

I don't know if john is used much for more mundane account cracking, but I 
would like to run john against a known md5 hash with a known salt. I just need 
to know how to tell john what I've got.

In my case, I have the md5 hashes stored with the salt. I have found out that 
the salt is prepended to the password prior to the hash.

So if I had:


My plaintext password might be "silly" and the salt was 4d.

So if we ran
%md5 -s '4dsilly'
MD5 ("4dsilly") = 396df9c93be5ec566810be9dfbae7b4f

Okay, how in the world do I get john to run that? What should my password file 
look like, and which md5 option do I tell it to use? I don't see where I put 
the salt, because there is no documentation on the way each password format 
file should look. Hint: could you generate such an example file with test 
cases and simple passwords to crack so we can follow the examples?

And in my case, I know that every "password" will essentially start with 4d. 
How do I tell that to john so he doesn't try other possibilities?


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.