Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:  Fri, 22 Aug 2008 18:15:06 +0200
From:  admin@...ntrust.com
To: john-users@...ts.openwall.com
Subject:  Re: Using john to crack {md5} LDAP passwords

Solar Designer a écrit :
> On Fri, Sep 16, 2005 at 05:32:47PM -0300, Egon Hilgenstieler wrote:
>> I'm using john to crack my user's LDAP accounts. I can successfully run
>> john with entries like this:
>>
>> (...)
>> userPassword: {crypt}YS7pDyBiCFK/A:1004:1005:Marcos
>> (...)
>>
>> I just construct a passwd entry like this:
>>
>> user1:YS7pDyBiCFK/A:1004:1005:User 1:/home/user1:/bin/bash
>>
>> John recognize it as 'Standard DES'.
> 
> Yes.  FWIW, you would get much better performance at these hashes by
> using a post-1.6 development version of John (1.6.39 at this time).
> 
>> However, a have users with entries like this:
>>
>> (...)
>> userPassword: {md5}06o0nI2TLqcfEaoJa6KfYQ==
>> (...)
>>
>> John does not recognize this entry as MD5:
>>
>> user2:06o0nI2TLqcfEaoJa6KfYQ==:2054:1020::/home/user2:/bin/bash
>>
>> I thought that '06o0nI2TLqcfEaoJa6KfYQ==' should be 'FreeBSD's
>> MD5-based'.
> 
> No, it is not.
> 
>> (It's not raw-MD5 either).
> 
> It's almost raw MD5, but uses a different encoding (base64 instead of
> hexadecimal).
> 
>> Shouldn't it work?
> 
> It shouldn't.
> 
>> Or LDAP use a unsupported type o MD5?
> 
> Yes.  (Although it's not really a "type of MD5", but rather a higher
> level algorithm on top of MD5.)
> 
> What you need is basically a hybrid of the raw-md5 and nsldap (SHA-1)
> patches available in contrib.  To my knowledge, such a hybrid patch does
> not currently exist, although it'd be trivial to make one.  Perhaps the
> nsldap patch would be easier to extend to support MD5 instead of or in
> addition to SHA-1.
> 

Hi,
I am waking up this old thread :
Is there any patch today supporting Openldap's MD5 hash ?


sam


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.