Date: Mon, 13 Aug 2012 19:45:32 +0400 From: Vladimir Vorontsov <vladimir.vorontsov@...ec.ru> To: john-users@...ts.openwall.com Subject: Re: Salted MD5 cracking problems -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! First, thx you for answer and advices! 12.08.12, 20:31, Solar Designer ?????: > On Sun, Aug 12, 2012 at 03:56:53PM +0400, Vladimir Vorontsov > wrote: >> Currently we do not have any solution to brute MD5(salt.pass) >> hashes. > > How many of these do you need to try cracking? Is the salt length > fixed (at 8?) or variable? In fact, is the salt value fixed or do > you have multiple per-hash salts? What cracking mode(s) would you > prefer to use? Salt length is fixed and can be 2 bytes (osCommerce) or 8 bytes (Bitrix and some another). I'm never seen anothers lengths. But it is possible in self-coded web-applications, not CMS. Salt value is not fixed always. We have unique salt per hash. > >> Look forward to an internal (dev) version of the john. > > The closest match to what you need is currently myrice's > work-in-progress on "fast" hashes on GPU, where he has code for > raw-MD5 with hard-coded mask for two characters on GPU (with the > rest of password provided by CPU) and with hash comparisons on GPU. > This is not optimized yet, but it does achieve a little over 2 > billion passwords/sec on 7970 when run against up to a few thousand > hashes at once. (myrice is working on improving the scalability to > avoid the slowdown with higher hash counts, also testing on 1 > million loaded hashes. In fact, this might be already done - I > haven't tested the latest code yet.) There's no support for salts > in that code yet, but if you only have one salt value it can be > added easily, e.g. via external filter() in john.conf (this won't > affect the speed much since it'd be out of the loop for last two > chars). > > So please answer my questions above and we'll see what we can do. > Thanks. > > Alexander > > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlApIRwACgkQshExP8cA6RS/QgCfQAVXXpOpEtzfh+XOauvw+s6Q gbEAnAoaB/EqT5OJEYKPsXAiu80iLmDM =gfZ5 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.