Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 3 Sep 2014 10:57:57 +0200 (CEST)
From: Dhiru Kholia <>
Subject: Re: Cracking HSRP MD5 authentication "hashes"

On Wed, 3 Sep 2014, Solar Designer wrote:


> On Tue, Sep 02, 2014 at 09:47:43AM +0200, Dhiru Kholia wrote:
> > I have added support for cracking HSRP MD5 authentication "hashes" to
> > JtR-jumbo (in the bleeding-jumbo branch), which you can get from the
> > following URL,
> Can't you make this a "dynamic" mode, though?  This would both avoid the
> need for a new C source file, and run faster (can use SIMD right away).
> I just took a look at hsrp_fmt_plug.c and I think this could probably be
> expressed in terms of Jim's existing dynamic formats interface.

Jim is already on it (

> As you have noticed, I almost always suggest this when you add a new
> format that uses only MD5 or SHA-1.  Perhaps this is the approach you
> should always start with, and only fall back to writing C code when the
> dynamic approach fails?

Yes, this would be ideal. I wish I had more time (and courage) to
understand the dynamic primitives.

> Also, is missing a public domain statement and/or a license.
> Actually, the same applies to some other *.py files you contributed.
> Can you please apply the license terms from for the rest
> of the Python scripts where you're the sole author as well?

This should be fixed now. Thanks!

> > Sample .pcap files are available on the
> > page. This repository also documents the reversing process for fun.
> Nice.  Can you please also add these samples to:

Done now.

> Twitter:
> ...

Thanks for finding all these links! I have been trying to crack HSRP MD5
scheme for a while now ;)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.