Date: Fri, 22 Jul 2011 03:40:39 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: md5_gen ... again Jean-Michel, Jim - On Thu, Jul 21, 2011 at 01:27:24AM +0200, Jean-Michel wrote: > It seems that having the flag MGF_USERNAME without MGF_SALTED breaks the > format. > > For example, for Asterisk SIP secret hashes, I have : > > [List.Generic:md5_gen(1400)] > Expression=md5($u.:asterisk:.$p) [Asterisk SIP] > Flag=MGF_USERNAME > Func=MD5GenBaseFunc__clean_input > Func=MD5GenBaseFunc__append_userid > Func=MD5GenBaseFunc__append_input1_from_CONST1 > Func=MD5GenBaseFunc__append_keys > Func=MD5GenBaseFunc__crypt > CONST1=:asterisk: > Test=md5_gen(1400)4a8e71480c5b1ef0a5d502a8eb98576a:abcd:1234 > > This function fails at get_hash(0) Frankly, I see little need for including the username and the constant string in the format. Here's how to do it much simpler, without any custom md5_gen format: $ cat pw 1234 md5_gen(4)4a8e71480c5b1ef0a5d502a8eb98576a$1234:asterisk: $ ./john --field-separator-char=' ' pw using field sep char ' ' (0x20) Loaded 1 password hash ( md5_gen(4): md5($s.$p) (OSC) [SSE2 16x4x2 (intr)]) abcd (1234) guesses: 1 time: 0:00:00:02 DONE (Fri Jul 22 03:31:07 2011) c/s: 458 trying: rugby - ace Use the "--show" option to display all of the cracked passwords reliably This is with 1.7.8-jumbo-2 and no other patches. (Ignore the low c/s rate - this is probably specific to my setup. It improves to a few million in a few more seconds if the password is not cracked.) Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.