Date: Thu, 23 Sep 2010 23:56:04 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Trying to port user accounts to a web site On Thu, Sep 23, 2010 at 11:51:57AM -0700, Scott Hamilton wrote: > 6. Here's a sample that I used: > > user1@...plepc.com:Pz8/Excycz8YMWY1P0U6P0A/egJKPz8/BW5mP3gPXT8PfhVhdz8mPzM/Pz8/CmoX > > > user2@...il.com:D2o/Pz96Tj8/Pz90Aw13Dm0/ST8/CSM/Pz9lOz9nPz8/Pyo/cz9iaDQ/Nz91PD8F > > user3@...oo.com:PyA/eRpdPzYNEgtPP2NzAT8zPyE/PxQgPxA/Pz8/Pz8ZPz8/ID93PxxyPz8/Pz8/ This is definitely not supported by JtR, and in fact it _might_ be reversible obfuscation and not hashing. Some observations: - 64-character strings; - 16 blocks of 4 characters each; - "Pz8/" is common; - "/" is common at the end of a 4-char block; - "P" is common at the beginning of a 4-char block. It is likely possible to figure the algorithm out given some samples of plaintext and obfuscated passwords. The approach to use would be to set different yet similar plaintext passwords (on one's own accounts) and observe how the corresponding obfuscated string changes. This has nothing to do with JtR, though, so further discussion on this list would be inappropriate. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.