Date: Thu, 23 Dec 2010 15:36:34 +0100 From: magnum <rawsmooth@...dband.net> To: john-users@...ts.openwall.com Subject: Re: Identifying hashes 2010-12-22 23:03, Dan Tentler wrote: > I've been perusing though the hashes in the gawker release and I found a > hash style I've been unable to identify. Can any of you guys put your > finger on what style of hash this is? It's that $2a$10 in there that > gets me... > > <user>:f2UmwcltELO.U:$2a$10$uD7hFnbqNxF1iFTanZZmr.aLPfqGDdOE7e96wNdnGQsMOdNZh3ueK Try putting that hash after the first delimiter instead of the des hash, and JtR will properly identify them as BF (OpenBSD blowfish). They are extremely slow, just trying one single cleartext against all hashes will take minutes. It seems to be OMP enabled in JtR though I never saw it mentioned. I believe they will end up the same password as the corresponding des hash when both are available but I haven't confirmed it. They will not be truncated at seven bits and length 8 though, so they would sometimes need mangling from the des password, somewhat like NT vs LM cracking. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.