Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Feb 2011 11:58:41 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: md5_gen(0) broken for ages?

On 02/26/2011 02:20 AM, jfoug wrote:
> It is no different than taking a line like
>
> User:abcdef0123456789abcdef0123456789
>
> And calling john with john -format=md5a inputfile.in
>
> and expecting the above line in the input file to be 'used'.
> It will not be used, because md5a has a specific format, and
> That hash does not match it.  If a hash does not start with the
> $1$ when md5a will never choose that line. Same for md5_gen(0)

OK, that makes sense. But there is a difference: You will never find 
hashes "in the wild" prepended with md5gen(n).

Sometimes you have to guess format just based on hash length and hope 
that a weak password will reveal what it is. Unless you can iterate over 
the --subformat option, you have to modify the hash file for each try.

So let me re-phrase it as a low-prio enhancement request. Would it be 
possible to have it accept bare hashes [of correct length etc] if 
--subformat was given, or could this introduce other problems?

thanks
magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.