Date: Sun, 15 Feb 2009 06:43:46 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Broken long/double DES hash split

On Sat, Feb 14, 2009 at 09:06:06PM -0600, Joshua J. Drake wrote:
> I'm not sure if this is really broken or not, but it wasn't working
> for the password file I have that uses these types of hashes.

There are two types of hashes that look the same (24-character strings) -
one is bigcrypt, the other is crypt16. JtR only supports the former.
Maybe you have the latter. These two are described here:

http://search.cpan.org/~zefram/Authen-Passphrase/lib/Authen/Passphrase/BigCrypt.pm
http://search.cpan.org/~zefram/Authen-Passphrase/lib/Authen/Passphrase/Crypt16.pm

> Basically, the way I understand the format is:
>
> XX YYYYYYYYYYY YYYYYYYYYYY
> ^  ^           ^
> |  |           + second 8 chars result
> |  + first 8 chars result
> + salt for both parts

No, not exactly. bigcrypt uses the first two chars of the first
"sub-hash" string as the salt for the second sub-hash. crypt16 works
like you described above, but iteration counts for the two sub-hashes
differ.

> I corrected the DES_fmt.c split() function as seen in the attached
> patch.

Does it work against your hashes with that "correction"? I would not
expect it to. If it does, then you've discovered a third type of
double-length hashes - neither bigcrypt, nor crypt16.

> Do you have files that work with the current method?

Yes. Some others in here also mentioned having used it successfully.

> - memcpy(out, &ciphertext, 2);
> + memcpy(out, ciphertext, 2);

Thanks,

Alexander

--
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.
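Review bot: the `+` line takes the two salt characters for the second sub-hash from the start of `ciphertext`, which is the crypt16 layout described in the reply, not bigcrypt, the only one of the two that JtR supports. Since crypt16 also uses different iteration counts for its two sub-hashes, changing the salt source alone would not be expected to make such hashes crack, and it changes how existing bigcrypt hashes are split. Suggest leaving split() as it is for bigcrypt and handling crypt16, if it is needed, as a separate format.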
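The two layouts described in the reply above, as an added example that is not part of the original message or of JtR's code: it splits a long DES hash into 13-character salt+result strings under each rule. The function, type and macro names and the sample string are constructed for illustration, and chaining the bigcrypt rule past two parts is a generalization of what the message states.

```c
#include <stdio.h>
#include <string.h>

#define SALT_LEN 2
#define PART_LEN 11 /* result characters per 8-character password chunk */
enum long_des_kind { BIGCRYPT, CRYPT16 };
static const char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Number of 11-character parts in hash, or -1 if it is not well formed. */
int long_des_parts(const char *hash)
{
    size_t len = strlen(hash);

    if (len < SALT_LEN + PART_LEN || (len - SALT_LEN) % PART_LEN != 0 ||
        strspn(hash, itoa64) != len)
        return -1;
    return (int)((len - SALT_LEN) / PART_LEN);
}

/* Write part `index` as a 13-character crypt string into out[14]; 0 on success.
 * crypt16 parts share the leading salt but, per the message, use different
 * iteration counts, so they cannot all be checked with plain crypt(3). */
int long_des_split(const char *hash, int index, enum long_des_kind kind,
                   char out[14])
{
    int parts = long_des_parts(hash);
    const char *salt = hash;

    if (parts < 0 || index < 0 || index >= parts ||
        (kind == CRYPT16 && parts != 2))
        return -1;
    /* bigcrypt: salt is the first two result characters of the previous part */
    if (kind == BIGCRYPT && index > 0)
        salt = hash + SALT_LEN + (index - 1) * PART_LEN;
    memcpy(out, salt, SALT_LEN);
    memcpy(out + SALT_LEN, hash + SALT_LEN + index * PART_LEN, PART_LEN);
    out[SALT_LEN + PART_LEN] = '\0';
    return 0;
}

int main(void)
{
    const char *h = "abCDEFGHIJKLMnopqrstuvwx"; /* constructed, not a real hash */
    char big[14], c16[14];

    if (long_des_split(h, 1, BIGCRYPT, big) == 0 &&
        long_des_split(h, 1, CRYPT16, c16) == 0)
        printf("second part: bigcrypt %s, crypt16 %s\n", big, c16);
    return 0;
}
```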