Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 23 Sep 2011 00:01:02 +0200
From: Nicolas RUFF <>
Subject: Re: md5(unicode($u."&".$p)) eventually working ...


Thank you for your answer.

> This issue surprises me.  I thought that the 'prepare' function would handle
> this, and deal with shoving the user name field into the hash properly.  It
> may be tied to having to add the MGF_SALTED flag.  I will investigate.  It
> may be that since there is not 'real' salt, the prepare is not able to
> properly append the $$Uusername data.

My debugging was based on adding printf() to salt() and DoMD5() functions.

It appears that $$Uusername is not automatically added before salt() is
called, resulting in an empty salt during MD5 computation.

I have not walked down the whole code path, sorry.

> Once you added the MGF_SALTED, would this line work?
> root:md5_gen(1009)ca6ebcf4d6ed610ef1fb7316f9f415db
> root:ca6ebcf4d6ed610ef1fb7316f9f415db
> I thought 'both' should work.

Sorry, none worked.

$ cat test
$ ./john --format=md5-gen --subformat="md5_gen(1009)" test
No password hashes loaded (see FAQ)

$ cat test
$ ./john --format=md5-gen --subformat="md5_gen(1009)" test
No password hashes loaded (see FAQ)

It is mandatory to use the following format:
$ cat test
$ ./john --format=md5-gen --subformat="md5_gen(1009)" test
Loaded 1 password hash (md5_gen(1009) md5(unicode($u."&".$p)) [128x1

*However*, John-1.7.8-jumbo-7 has fixed the issue :)

- Nicolas RUFF

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.