Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 22 Jul 2011 03:40:39 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: md5_gen ... again

Jean-Michel, Jim -

On Thu, Jul 21, 2011 at 01:27:24AM +0200, Jean-Michel wrote:
> It seems that having the flag MGF_USERNAME without MGF_SALTED breaks the
> format.
> 
> For example, for Asterisk SIP secret hashes, I have :
> 
> [List.Generic:md5_gen(1400)]
> Expression=md5($u.:asterisk:.$p) [Asterisk SIP]
> Flag=MGF_USERNAME
> Func=MD5GenBaseFunc__clean_input
> Func=MD5GenBaseFunc__append_userid
> Func=MD5GenBaseFunc__append_input1_from_CONST1
> Func=MD5GenBaseFunc__append_keys
> Func=MD5GenBaseFunc__crypt
> CONST1=:asterisk:
> Test=md5_gen(1400)4a8e71480c5b1ef0a5d502a8eb98576a:abcd:1234
> 
> This function fails at get_hash[0](0)

Frankly, I see little need for including the username and the constant
string in the format.  Here's how to do it much simpler, without any
custom md5_gen format:

$ cat pw
1234 md5_gen(4)4a8e71480c5b1ef0a5d502a8eb98576a$1234:asterisk:
$ ./john --field-separator-char=' ' pw
using field sep char ' ' (0x20)
Loaded 1 password hash ( md5_gen(4): md5($s.$p)  (OSC)  [SSE2 16x4x2 (intr)])
abcd             (1234)
guesses: 1  time: 0:00:00:02 DONE (Fri Jul 22 03:31:07 2011)  c/s: 458  trying: rugby - ace
Use the "--show" option to display all of the cracked passwords reliably

This is with 1.7.8-jumbo-2 and no other patches.  (Ignore the low c/s
rate - this is probably specific to my setup.  It improves to a few
million in a few more seconds if the password is not cracked.)

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.