Date: Sun, 27 Feb 2011 20:50:34 -0600 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: md5_gen(0) broken for ages? >> 2. This will likely only work for non-salted hashes, due to how md5_gen >> requires the salt to be placed. > >Well if you know a salt, you would of course prepare the file (but only >once!) so the salt part is correct for md5-gen:. > >user:b065775a4631811715c2b83163b921a0$salt::: > >So it's "half-prepared" for md5_gen but it doesn't say which subformat >we want. Then you just try subformats using the command-line option - of >course picking those with one salt, as well as formats like >md5($u.md5($p).$s). > >Hopefully this will be OK with the implementation you have in mind. The above would work for salted hashes. At this time, there is no code working in md5-gen that works for the $u (username). There are 2 saltes possible. The hash format for 2 saltes is: md5-gen(num)hhhhhhhhhhh$salt$$2salt2 So salt begins with (but does not include) a $ char, at the 'proper' offset, and the salt2 starts with $$2 (but does not include it), and is appended to the first salt. A person can make a md5-gen format that is salted with a user_id, by using the salt and salt2 format, so at least it 'is' doable at this time. I simply have not figured out exactly how to properly pull the userid when it is required, to get it working with md5-gen. Likely it will need to be pulled during the 'salt()' function, and incorporated into the salt that john would be working with. Then when john tells md5-gen to use a salt, the salt would be in there, an 2nd salt (if there is one), would be there, and the proper userid would be there, also, and be able to be properly used to perform the encryptions. But so far, I have not implemented the $u Jim.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.