Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Sep 2012 06:56:11 -0700 (PDT)
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: WebEdition CMS

Thanks a lot for implementing this algorithm :)

I updated the dynamic.conf file with the configuration provided however, what's the command line to run?

I am using:  1.7.9-jumbo-5

The test hash given is:


$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall

I used:

john --subformat=dynamic_1011 -w:wordlist.txt webedition.txt

It does not load the hash.

Also, in the test hash, what is 'SXB'?

openwall is the username which is used as the salt. Is SXB supposed to be the precomputed salt (md5(username))?

I am using the configuration file provided by Jim, the one with only 1 call to md5.

Thanks once again :)



________________________________
 From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com 
Sent: Sunday, September 30, 2012 7:01 PM
Subject: Re: [john-users] WebEdition CMS
 
On Sun, Sep 30, 2012 at 5:07 PM,  <jfoug@....net> wrote:
> Simply looking at that format script, I believe it would work fine. There is
> also ways a username can be used directly within dynamic instead.  However,
> since anyone using this would be fabricating the JtR input file, putting the
> username into a salt field would be just as easy as putting into the
> username field when building the file.

> Also, if a salt is used vs the username within dynamic, then there is a nice
> optimization that can be used to double the speed of the format. If you
> notice the base-16 MD5 of the salt (user name), is a static string. This can
> be pre-computed at load time, and done only once. This reduces the MD5 calls
> from 2 to 1 per password/salt trial.

Jim,

I have tried to implement what you said,

MySQL [webedition]> select username,md5(username),passwd,UseSalt from
tblUser where username="openwall";
+----------+----------------------------------+----------------------------------+---------+
| username | md5(username)                    | passwd
          | UseSalt |
+----------+----------------------------------+----------------------------------+---------+
| openwall | f2df0ddd3129c68b1ae7be05779ebeb3 |
14f8b3781f19a3b7ea520311482ce207 |       1 |
+----------+----------------------------------+----------------------------------+---------+

####################################################################
# DYNAMIC type for WebEdition CMS md5($p.PMD5(username))
# > select md5(username),passwd,UseSalt from tblUser
# PMD5(username), pre-computed md5 of username is salt
####################################################################
[List.Generic:dynamic_1012]
Expression=md5($p.PMD5(username)) (WebEdition CMS)
Flag=MGF_SALTED
Flag=MGF_SALT_AS_HEX
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$HEX$f2df0ddd3129c68b1ae7be05779ebeb3:openwall

However it fails self-test,

Benchmarking: dynamic_1012 md5($p.PMD5(username)) (WebEdition CMS)
[128/128 SSE2 intrinsics 10x4x3]... FAILED (get_hash[0](0)

Any tips to get it working?

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.