Date: Sat, 20 Mar 2010 00:48:30 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Unsalted passwd On Fri, Mar 19, 2010 at 10:26:55PM +0100, ph3arconf@...il.com wrote: > I found that this passwd line is unsalted. > > root:$1$$1lqCUxARG7RZxCqf2/VNV0:0:0:root:/root:/bin/ash > > and JtR detects it as (FreeBSD MD5 [32/64 X2]) That's correct. The fact that it uses an empty salt is of no benefit to you unless you have multiple hashes like this, in which case you'd have matching salts and thus higher effective c/s rate. > However If I keep only this part lqCUxARG7RZxCqf2 Why do this? > which is the actual hash(?) No, it is not. It is a portion of the hash encoding string. > JtR will detect this as (PIX MD5 [pix-md5]) > > Is this correct or I'm completely wrong? The latter. JtR with the jumbo patch supports a lot of hash types, some of which use fairly generic encodings, so mis-detection is quite possible, especially if you actively try to edit your strings until you get a "match" of the encoding type against that used by one or more of the supported hash types. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.