Date: Sat, 09 Apr 2011 15:27:46 +0400 From: Aleksey Cherepanov <aleksey.4erepanov@...il.com> To: john-users@...ts.openwall.com Subject: Re: passwords more that 8 chars long I tried to run John with it without any success. So i wrote small script in Perl to test expected password: #! /usr/bin/perl # We will use MD5 because the only hash that starts with $1 is MD5. # Look: http://openwall.info/wiki/john/sample-hashes . use Authen::Passphrase::MD5Crypt; #root:$1$Cnq2FbUw$B9s1v00aP0k16tgsWQQAc0:15027:0:99999:7::: # We print original hash string and the end of line. # We use single quotes to not substitute variables. print '$1$Cnq2FbUw$B9s1v00aP0k16tgsWQQAc0', "\n"; # We generate new hash string with old salt and old hash. # Just to test that we could build hash string correctly. $ppr = Authen::Passphrase::MD5Crypt->new( # Salt obtained from original hash string is between the second # and the third dollars. salt => "Cnq2FbUw", # Original hash hash_base64 => "B9s1v00aP0k16tgsWQQAc0"); # We print built hash string and the end of line. print $ppr-> as_crypt, "\n"; # We generate hash string with salt obtained from string above and # with expected password. $ppr = Authen::Passphrase::MD5Crypt->new( # Original salt salt => "Cnq2FbUw", # Expected password passphrase => "groupsuper3"); # We print new hash string with end of line. print $ppr-> as_crypt, "\n"; It produces following output: $1$Cnq2FbUw$B9s1v00aP0k16tgsWQQAc0 $1$Cnq2FbUw$B9s1v00aP0k16tgsWQQAc0 $1$Cnq2FbUw$LDgzIpTd3lGME/Yx1T69i0 The first two strings are the same. So script seems to work properly. The third string is a hash string for 'groupsuper3' password and it is different from other strings. So in my opinion your output should not be groupsuper3. Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.