Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Feb 2011 16:02:50 +0100
From: magnum <>
Subject: Re: md5_gen(0) broken for ages?

On 02/25/2011 11:15 AM, Simon wrote:
> On 25/02/2011 03:46, jfoug wrote:
>> I am not sure what exactly is your 'problem' here.  There should be NO salts
>> For md5_gen(0).  It is salt-less 'raw-md5'
> This is from my patch that removed raw-md5 and linked it to md5_gen(0).
> AFAIK I did the link properly, but as I'm not familiar with the code I
> might have failed somewhere. SALT_SIZE is set to 0 ...

Yes your move was the reason I discovered the bug, but the problem seem 
to be in md5_gen(0) and it seems it's been there for quite a while. Or 
did I do something wrong yesterday, today I can only reproduce it when 
using your linking. I can't even load the hashes as md5-gen without 
prepending them with md5gen(0), why is that?

$ cat ten.rawmd5

$ ./john ten.rawmd5 -fo:md5-gen "-sub=md5_gen(0)" -inc:digits
No password hashes loaded

$ ./john ten.rawmd5 -fo:raw-md5 -inc:digits
Using raw-md5 mode, by linking to md5_gen(0) functions
Loaded 3 password hashes with 3 different salts (Raw MD5 [gen])

$ perl -ne 'if (s/:([0-9a-f]{32}):/:md5_gen(0)$1:/){print}' <ten.rawmd5 

$ ./john tenm.rawmd5 -inc:digits
Loaded 7 password hashes with no different salts ( md5_gen(0): md5($p) 
(raw-md5)  [SSE2 10x4x3 (intr)])

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.