Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 14 Dec 2017 11:28:34 -0600
From: jfoug <>
Subject: Re: Cracking MD5 with long, known prefix

On 12/14/2017 9:50 AM, Solar Designer wrote:
> On Thu, Dec 14, 2017 at 10:39:10AM -0500, Mark E. Haase wrote:
>>      Can't set max length larger than 55 for Raw-MD5 format
>> My research indicates that 55 is a hard limit for MD5 that cannot be
>> changed at runtime, and that this limit was chosen for performance reasons.
> Yes.  But with current bleeding-jumbo you can get up to 110 with
> --format=dynamic='md5($p)'.  Perhaps we should document this somewhere.
> I'm afraid there's no easy way to go beyond 110 with our current code.
> Apparently, latest hashcat can go up to 256, so you may try that.
> Jim, since in this case the prefix is constant, can it possibly be
> provided as such in the dynamic format specification (I guess yes),
> and would that possibly not be counted against the 110 characters
> limit (I guess no)?


I think you are viewing this incorrectly. What you have is a salted 
hash.  You should be searching ONLY for the password part of the hash, 
not the salt.

What you have is this:


In your case, $s is the salt, and it is the serialized php object.

NOW, there will likely be severe limitations to this search, in that the 
serialized object is probably going to be large (> 256 bytes), so this 
would make usage in current john pretty hard to do for all items.  BUT 
it could be made to work for some of these serialized objects that are a 
little shorter.

Can you post any examples (along with the password that cracks them) for 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.