Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 20 Mar 2010 00:48:30 +0300
From: Solar Designer <>
Subject: Re: Unsalted passwd

On Fri, Mar 19, 2010 at 10:26:55PM +0100, wrote:
> I found that this passwd line is unsalted.
> root:$1$$1lqCUxARG7RZxCqf2/VNV0:0:0:root:/root:/bin/ash
> and JtR detects it as (FreeBSD MD5 [32/64 X2])

That's correct.  The fact that it uses an empty salt is of no benefit to
you unless you have multiple hashes like this, in which case you'd have
matching salts and thus higher effective c/s rate.

> However If I keep only this part lqCUxARG7RZxCqf2

Why do this?

> which is the actual hash(?)

No, it is not.  It is a portion of the hash encoding string.

> JtR will detect this as (PIX MD5 [pix-md5])
> Is this correct or I'm completely wrong?

The latter.  JtR with the jumbo patch supports a lot of hash types, some
of which use fairly generic encodings, so mis-detection is quite
possible, especially if you actively try to edit your strings until you
get a "match" of the encoding type against that used by one or more of
the supported hash types.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.