Date: Sat, 13 Jun 2009 11:22:35 +0300 From: "Antonios F. Atlasis" <atlasis@...ecom.ece.ntua.gr> To: john-users@...ts.openwall.com Subject: Re: cracking MD5 hashes more than 8 characters long with a dictionary Dear Alexander, thanks a lot for your very quick response! checking (counting) the precise length of these passwords, this is exactly 16 characters. Hence, I suppose this is due to the limitation that you mentioned concerning the MD5, right? A limitation that obviously does not exist in Blowfish implementation, I guess. Is there any work-around on this? Thanks again Antonios Solar Designer wrote: > On Sat, Jun 13, 2009 at 09:57:35AM +0300, Antonios F. Atlasis wrote: > >> I tried to use John 1.7.3-1 Pro against a shadow file with MD5 (FreeBSD) >> hashes. This shadow contains some hashes that are longer than >> 8-characters. I create a custom wordlist, that contains the actual >> passwords included in this shadow. When I try to crack this shadow >> using this custom wordlist, it cracks the passwords whose length is 8 >> characters or less, but not the ones whose length is more than 8 >> characters (although I feed the wordlist with the correct passwords) >> > > That's weird. Those passwords should be getting cracked, assuming that > they're not longer than 15 characters (a limitation of the current > implementation of MD5-based crypt hashes in JtR). > > I suggest that you post a sample line from your shadow file and the > corresponding plaintext password (the way you set it). Obviously, reset > the password on the real account before you post this info. > > >> Using exactly the same passwords and wordlist against a Blowfish shadow, >> John successfully cracks all the passwords, even the ones whose length >> is more than 8-characters. >> > > Indeed, and this should be working for the MD5-based hashes too. > > >> I tried to change maxlength of john.conf to 16, but this didn't hep me. >> > > The MaxLen setting is for "incremental" mode only, not wordlist. > > Alexander > > -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.