Date: Tue, 3 Jan 2012 06:28:39 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: SHA1 with long hash I was hoping that someone else would respond to this... On Mon, Dec 26, 2011 at 10:22:19AM +0100, websiteaccess@...il.com wrote: > This following hash is SHA1 salted is not recognized by JTR > xxx:$dynamic_24$6559af43d62bba45bfdc2089c4f0fac45d710ff4$3f759b9beea496251148051ed62825d6bb552d2 Besides the fact that the salt is long, it also has a non-even number of hex characters above (39). Perhaps you made a typo? Anyhow, yes, it appears that dynamic_24 does not support salts this long. JimF may want to enhance it. > It is possible to crack SHA1 with long salt ? You could use the sha1-gen format for now, formatting your hash like this: $SHA1s$salt$c88e9c67041a74e0357befdff93f87dde0904214 where you'd need to replace "salt" with your actual raw salt (not hex characters). So you'd have 20 weird characters there (assuming that your actual salt was 40 hex characters), and for some other salts this would not even work at all (as you'd get characters like linefeeds). ...or, more likely, you're mistaken and your salt is actually a string of 40 characters - that is, the PHP app used sha1() hex output directly as a salt. In that case, sha1-gen will just work for you. Since you didn't post the actual salt (likely excluding one character from it), I cannot easily test this hypothesis (not to mention that the specific password might not be easily crackable). Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.