Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jul 2011 02:46:07 +0400
From: Solar Designer <>
Subject: Re: sha1(md5($pass)

On Fri, Jul 15, 2011 at 08:08:33PM +0000, Donovan wrote:
> I am on MAC & use the ERIK Winkler Jumbo version of JTR (V12) (
>, thanks for his efforts !
> i try desesperately to crack some "sha1(md5($pass)"

These are supported in recent -jumbo, but you need to specify the
--format='md5_gen(23)' option, and not all builds will recognize it.
Specifically, -x86-64 builds of 1.7.8-jumbo-2 don't, whereas 32-bit x86
and "make generic" builds do.

Since you say you're using an existing Universal Binary build for a Mac,
you may have to explicitly invoke its 32-bit component using:

arch -i386 ./john --format='md5_gen(23)' pw

but I don't know/recall if that older version supports md5_gen(23) at
all or not, in any of its builds.  Maybe not, in which case you'd need
to build and use a newer version instead.

> I read allready here
> & follow the Alexander advice by add on the hashes list " $SHA1p$User$"

That's not what you need.  This syntax is for certain trivial kinds of
salted SHA-1 hashes, with no MD5 involved.

> 0000a2776ea490e49563dac224b620ecf73b282e
> 00076de90f8e24bff1569b1ae73e92fa10787f6d
> 000d39dfcd13fc48af4088254efa26192fcb7f83
> 000da1b6e1e724cf3f23d1784b80fcf48a481890
> 001148f475b9f5d744f63a8318db3c4c2dea4789

Here's how these are loaded by a "make generic" build of 1.7.8-jumbo-2
on a Linux/x86-64 system (no 32-bit gcc/glibc/openssl, which is why I
had to use "generic" in this case):

$ ./john --format='md5_gen(23)' pw
Loaded 5 password hashes with no different salts ( md5_gen(23): sha1(md5($p)) [64x2 (MD5_Body)])

To test that this works right, I generated the following hash:


The corresponding password gets cracked:

$ ./john --format='md5_gen(23)' pw-test 
Loaded 1 password hash ( md5_gen(23): sha1(md5($p)) [64x2 (MD5_Body)])
test             (?)
guesses: 1  time: 0:00:00:04 DONE (Sat Jul 16 02:40:28 2011)  c/s: 29.29  trying: 12345 - barney
Use the "--show" option to display all of the cracked passwords reliably

There's some slowness at startup, though - but with your 5 hashes the
speed increased to a reasonable level (millions c/s) after a while.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.