Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Feb 2011 16:02:50 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: md5_gen(0) broken for ages?

On 02/25/2011 11:15 AM, Simon wrote:
> On 25/02/2011 03:46, jfoug wrote:
>> I am not sure what exactly is your 'problem' here.  There should be NO salts
>> For md5_gen(0).  It is salt-less 'raw-md5'
>
> This is from my patch that removed raw-md5 and linked it to md5_gen(0).
> AFAIK I did the link properly, but as I'm not familiar with the code I
> might have failed somewhere. SALT_SIZE is set to 0 ...

Yes your move was the reason I discovered the bug, but the problem seem 
to be in md5_gen(0) and it seems it's been there for quite a while. Or 
did I do something wrong yesterday, today I can only reproduce it when 
using your linking. I can't even load the hashes as md5-gen without 
prepending them with md5gen(0), why is that?

$ cat ten.rawmd5
test:51603d77d6716ef485146c808d8aeefd:::
test:104f341c95b15d01369d6411d41d7f33:::
test:7b640f7c2ef5fd011e0a43c8584dd53a:::
test:8be397ec32881903364ad13b917c99e5:::
test:19c7760b3bdd96c3f051db64fb70114a:::
test:c70587a1dae4efecf446dad26f0346c0:::
test:de71059d0b3cd8a1de21151c9166f9f0:::
test:a9d7de08bb15921c638a17cbc41c7e17:::
test:85fc694511a598803de11d42870a0db9:::
test:27f96ece55cac6d76bb6d352a1b5aa36:::

$ ./john ten.rawmd5 -fo:md5-gen "-sub=md5_gen(0)" -inc:digits
No password hashes loaded

$ ./john ten.rawmd5 -fo:raw-md5 -inc:digits
Using raw-md5 mode, by linking to md5_gen(0) functions
Loaded 3 password hashes with 3 different salts (Raw MD5 [gen])

$ perl -ne 'if (s/:([0-9a-f]{32}):/:md5_gen(0)$1:/){print}' <ten.rawmd5 
 >tenm.rawmd5

$ ./john tenm.rawmd5 -inc:digits
Loaded 7 password hashes with no different salts ( md5_gen(0): md5($p) 
(raw-md5)  [SSE2 10x4x3 (intr)])

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.