Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Jul 2009 16:06:32 +0200
From: SL <>
To: "" <>
Subject: Re: patch for new john format: phpass (also works for phpBBv3) 

"Jim" <> wrote:

> For admins running phpBB who do not know, the hashes are stored in  
> the phpbb3_users table. The hash is slightly modified from the  
> portable phpass format. The difference is only in the first 3 bytes  
> (the signature).  phpass hash uses $H$ while phpBB uses $P$.  Other  
> than that, they are identical, and encrypt/decrypt the same.  This  
> john format works with both native phpass or phpBB.  phpBB prior to  
> v3 uses raw md5 for passwords.  If you have upgraded, from a board  
> running v2, to v3, the passwords are not converted UNTIL a user logs  
> in, so there will also likely be many passwords stored simply as non- 
> salted MD5, and the raw-md5 hash can be used for them, and is MUCH  
> faster.

On a dualcore system, you may start a parallel cracking session for  
both hash types simultaneously:

mysql -u root -D "$DB" -e "SELECT username, user_password FROM $ 
{prefix}_users;" | tr "\t" ":" > ${DB}_${prefix}_users.passwd;
(./john --format=raw-MD5 --session=raw-MD5 ${DB}_${prefix} 
_users.passwd &);
(./john --format=phpass-MD5 --session=phpass-MD5 ${DB}_${prefix} 
_users.passwd &);

Do "killall john" when you get tired waiting for results.

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.