Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 3 Jan 2012 06:28:39 +0400
From: Solar Designer <>
Subject: Re: SHA1 with long hash

I was hoping that someone else would respond to this...

On Mon, Dec 26, 2011 at 10:22:19AM +0100, wrote:
>  This following hash is SHA1 salted  is not recognized by JTR
> xxx:$dynamic_24$6559af43d62bba45bfdc2089c4f0fac45d710ff4$3f759b9beea496251148051ed62825d6bb552d2

Besides the fact that the salt is long, it also has a non-even number of
hex characters above (39).  Perhaps you made a typo?

Anyhow, yes, it appears that dynamic_24 does not support salts this long.
JimF may want to enhance it.

>  It is possible to crack SHA1 with long salt ?

You could use the sha1-gen format for now, formatting your hash like this:


where you'd need to replace "salt" with your actual raw salt (not hex
characters).  So you'd have 20 weird characters there (assuming that
your actual salt was 40 hex characters), and for some other salts this
would not even work at all (as you'd get characters like linefeeds).

...or, more likely, you're mistaken and your salt is actually a string
of 40 characters - that is, the PHP app used sha1() hex output directly
as a salt.  In that case, sha1-gen will just work for you.  Since you
didn't post the actual salt (likely excluding one character from it), I
cannot easily test this hypothesis (not to mention that the specific
password might not be easily crackable).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.