Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 Jan 2010 23:05:11 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: syntax for SHA1 salted

On Sat, Jan 23, 2010 at 05:49:55PM +0100, websiteaccess@...il.com wrote:
>  I use JTR 1.7.4.2 with jumbo patch.
> 
>  Is JTR able to crack SHA1 salted with username as salt ( 
> sha1($username.$pass) [PHP]  )

There's no built-in support for that currently, and I'm not aware of an
existing patch that would add such support.  (There's support for some
other SHA-1 based salted hashes in the jumbo patch, but they use
fixed-size salts.)

If you're OK with running "john" separately for each username (probably
you are not...), then you can implement very limited support for the
above using an external filter() in john.conf and the existing raw SHA-1
"format" (introduced with the jumbo patch).  You'd hard-code the salt
into filter().

Of course, it'd be better to create a custom "format" (maybe a somewhat
generic one similar to JimF's "generic MD5" stuff).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.