Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 21 Jan 2009 16:54:19 +0300
From: Solar Designer <>
Subject: Re: md5 hash with a salt? Format?

On Wed, Jan 21, 2009 at 06:52:47AM -0600, Billy Newsom wrote:
> Solar Designer wrote:
> >[List.External:PrependSalt]
> >void filter()
> >{
> >	int i;
> >
> >	i = 0; while (word[i++]); // determine the length (plus one)
> >	while (i--) word[i + 2] = word[i]; // make room for the salt
> >	// prepend the salt
> >	word[0] = '4';
> >	word[1] = 'd';
> >}
> That's nifty, but it of course means that if I had a password file of 20 
> passwords and 20 different salts, then I would need to run john 20 times. 
> This is a great start, no doubt, but obviously a patch or hack will allow 
> the issue to be taken care of more elegantly.

Indeed.  I think someone may implement a "format" supporting something
like this:


where "P" stand for "prefix" or "prepend", and "S" stands for "suffix"
or "salt".  To allow for having a dollar sign in the salt string, the
code may search for the last dollar sign from the end of the string -
use strrchr().

> I hope this is the start of some interest in md5, ...

Actually, there's been a lot of "interest in MD5" from those auditing
websites, etc. during the last few years.

> Incidentally, I tried this and it sort of worked some of the time.
> Username:4d:396df9c93be5ec566810be9dfbae7b4f
> %john --format=raw-MD5 passfile

Ouch.  This is very wrong.  The only chance it could work at all is due
to the hack in loader.c for supporting the PWDUMP output format, and the
MD5 hash encoding above being 32 characters long just like LM and NTLM
hashes are.  So it got picked up.  The specified salt was ignored, but
since it was short enough perhaps JtR just happened to try enough
candidate passwords starting with that string in order to get some
guesses right (essentially guessing both the salt and the password at
the same time).

> And JtR found some simple test cases, but it was not working I don't think 
> as good with a file having 4 lines. For some reason, it came up with only 3 
> passwords to crack.
> Loaded 3 password hashes with no different salts (Raw MD5 [raw-md5])

Not having seen the input file, I can't comment on that.

> I guess I need to see the Wiki. I am running blind as it is now.

The wiki is at:

but it does not have a lot of content yet.  You're welcome to help
populate it with more content!



To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.