Date: Sat, 23 Jul 2011 17:24:11 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: JTR Pro On Fri, Jul 22, 2011 at 08:47:45PM -0400, Jeff Walzer wrote: > I'm thinking about purchasing JTR Pro for Mac, but before doing so I had a > question. > > We are storing passwords in a SQL table using a MD5 hash. Can dump the > passwords to a file and run JTR pro against it to crack passwords? JtR Pro currently focuses on operating system passwords. The purchase page for it gives an exhaustive list of supported hash types. Of the MD5-based hashes, it supports only MD5-based crypt(3). It does not support raw MD5 hashes. In case by "MD5 hash" you meant raw MD5, then your priority might be to move to a hash type that is actually appropriate for password hashing (raw MD5 isn't). There's not much point in getting over 90% of your passwords cracked just to decide to move to a proper hash type - unless you need to demonstrate this to someone else before the determination can be made, or you need to "upgrade" the existing passwords to the new hash type (the few "uncrackable" ones will stay with raw MD5 for longer). For a proper hash type, consider these: http://www.openwall.com/crypt/ http://www.openwall.com/phpass/ depending on the programming language used. If you do want to crack the raw MD5 hashes anyway, then you need to use a -jumbo version of JtR. The latest is 1.7.8-jumbo-2, available in source code form. There are also unofficial builds of slightly older versions for Mac OS X: http://download.openwall.net/pub/projects/john/contrib/macosx/ http://openwall.info/wiki/john/custom-builds#Compiled-for-Mac-OS-X These support raw MD5 hashes, too. I hope this helps. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.