Message-ID: <20110723132411.GA10414@openwall.com>
Date: Sat, 23 Jul 2011 17:24:11 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: JTR Pro

On Fri, Jul 22, 2011 at 08:47:45PM -0400, Jeff Walzer wrote:
> I'm thinking about purchasing JTR Pro for Mac, but before doing so I had a
> question.
> 
> We are storing passwords in a SQL table using an MD5 hash. Can I dump the
> passwords to a file and run JTR pro against it to crack passwords?

JtR Pro currently focuses on operating system passwords.  The purchase
page for it gives an exhaustive list of supported hash types.  Of the
MD5-based hashes, it supports only MD5-based crypt(3).  It does not
support raw MD5 hashes.

In case by "MD5 hash" you meant raw MD5, then your priority might be to
move to a hash type that is actually appropriate for password hashing
(raw MD5 isn't).  There's not much point in getting over 90% of your
passwords cracked just to decide to move to a proper hash type - unless
you need to demonstrate this to someone else before the determination
can be made, or you need to "upgrade" the existing passwords to the new
hash type (the few "uncrackable" ones will stay with raw MD5 for longer).

For a proper hash type, consider these:

http://www.openwall.com/crypt/
http://www.openwall.com/phpass/

depending on the programming language used.

If you do want to crack the raw MD5 hashes anyway, then you need to use
a -jumbo version of JtR.  The latest is 1.7.8-jumbo-2, available in
source code form.  There are also unofficial builds of slightly older
versions for Mac OS X:

http://download.openwall.net/pub/projects/john/contrib/macosx/
http://openwall.info/wiki/john/custom-builds#Compiled-for-Mac-OS-X

These support raw MD5 hashes, too.

I hope this helps.

Alexander
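
The following is an added example, not part of the original message or of any Openwall code. It sketches how rows that "stay with raw MD5 for longer" can be upgraded at the next successful login. PBKDF2-HMAC-SHA256 from the Python standard library stands in for the crypt/phpass hashes linked above; the `pbkdf2$` storage format, the function names, the iteration count and the sample users are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor; tune to your own hardware
PREFIX = "pbkdf2$"     # hypothetical tag marking already-upgraded rows

def new_hash(password: str) -> str:
    """Salted, iterated hash in a self-describing string (assumed format)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{PREFIX}{ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    if stored.startswith(PREFIX):
        _, iters, salt, dk = stored.split("$")
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   bytes.fromhex(salt), int(iters))
        return hmac.compare_digest(cand, bytes.fromhex(dk))
    # Legacy row: unsalted raw MD5 stored as 32 hex characters.
    legacy = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(legacy, stored.lower())

def login(users: dict, name: str, password: str) -> bool:
    """Check the password; on success replace a legacy MD5 row in place."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith(PREFIX):
        users[name] = new_hash(password)   # the raw MD5 value is discarded
    return True

def legacy_remaining(users: dict) -> int:
    """Number of accounts still stored as raw MD5."""
    return sum(1 for h in users.values() if not h.startswith(PREFIX))

def sample_users() -> dict:
    # Constructed sample table: two accounts still on raw MD5.
    return {
        "alice": hashlib.md5(b"letmein").hexdigest(),
        "bob": hashlib.md5(b"correct horse").hexdigest(),
    }

if __name__ == "__main__":
    users = sample_users()
    print(login(users, "alice", "letmein"), legacy_remaining(users))
```

Accounts that never log in again keep their raw MD5 value, so `legacy_remaining` is the number to watch when deciding when to force resets on the remainder.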
