Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2009 05:10:08 -0600
From: Billy Newsom <billy@...c.us>
To: john-users@...ts.openwall.com
Subject: md5 hash with a salt? Format?

I don't know if john is used much for more mundane account cracking, but I 
would like to run john against a known md5 hash with a known salt. I just need 
to know how to tell john what I've got.

In my case, I have the md5 hashes stored with the salt. I have found out that 
the salt is prepended to the password prior to the hash.

So if I had:

396df9c93be5ec566810be9dfbae7b4f:4d

My plaintext password might be "silly" and the salt was 4d.

So if we ran
%md5 -s '4dsilly'
MD5 ("4dsilly") = 396df9c93be5ec566810be9dfbae7b4f

Okay, how in the world do I get john to run that? What should my password file 
look like, and which md5 option do I tell it to use? I don't see where I put 
the salt, because there is no documentation on the way each password format 
file should look. Hint: could you generate such an example file with test 
cases and simple passwords to crack so we can follow the examples?

And in my case, I know that every "password" will essentially start with 4d. 
How do I tell that to john so he doesn't try other possibilities?

Thanks

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ