Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <49770290.4090104@nlcc.us>
Date: Wed, 21 Jan 2009 05:10:08 -0600
From: Billy Newsom <billy@...c.us>
To: john-users@...ts.openwall.com
Subject: md5 hash with a salt? Format?

I don't know if john is used much for more mundane account cracking, but I 
would like to run john against a known md5 hash with a known salt. I just need 
to know how to tell john what I've got.

In my case, I have the md5 hashes stored with the salt. I have found out that 
the salt is prepended to the password prior to the hash.

So if I had:

396df9c93be5ec566810be9dfbae7b4f:4d

My plaintext password might be "silly" and the salt was 4d.

So if we ran
%md5 -s '4dsilly'
MD5 ("4dsilly") = 396df9c93be5ec566810be9dfbae7b4f

Okay, how in the world do I get john to run that? What should my password file 
look like, and which md5 option do I tell it to use? I don't see where I put 
the salt, because there is no documentation on the way each password format 
file should look. Hint: could you generate such an example file with test 
cases and simple passwords to crack so we can follow the examples?

And in my case, I know that every "password" will essentially start with 4d. 
How do I tell that to john so he doesn't try other possibilities?

Thanks

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.