Date: Thu, 23 Dec 2010 15:36:34 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: Identifying hashes

2010-12-22 23:03, Dan Tentler wrote:
> I've been perusing through the hashes in the gawker release and I found a
> hash style I've been unable to identify. Can any of you guys put your
> finger on what style of hash this is? It's that $2a$10 in there that
> gets me...
>
> <user>:f2UmwcltELO.U:$2a$10$uD7hFnbqNxF1iFTanZZmr.aLPfqGDdOE7e96wNdnGQsMOdNZh3ueK

Try putting that hash after the first delimiter instead of the DES hash, 
and JtR will properly identify them as BF (OpenBSD Blowfish). They are 
extremely slow; just trying one single cleartext against all hashes will 
take minutes. It seems to be OMP enabled in JtR though I never saw it 
mentioned.

I believe they will end up the same password as the corresponding DES 
hash when both are available but I haven't confirmed it. They will not 
be truncated at seven bits and length 8 though, so they would sometimes 
need mangling from the DES password, somewhat like NT vs LM cracking.

magnum
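
Added example (not part of the original message and not John the Ripper code): a Python sketch of the field split described above. It recognises the two formats on the quoted line by their shape, reads the bcrypt cost out of the `$2a$10$` prefix, and emits one `user:hash` line per format. The username and the function names are assumptions made for the example.

```python
import re

# crypt(3) alphabet shared by traditional DES crypt and bcrypt encodings
B64 = r"[./0-9A-Za-z]"
DESCRYPT = re.compile(rf"^{B64}{{13}}$")  # 2-char salt + 11-char hash
# $<variant>$<2-digit cost>$<22-char salt><31-char hash>
BCRYPT = re.compile(rf"^\$(2[abxy]?)\$(\d\d)\$({B64}{{22}})({B64}{{31}})$")


def classify(field):
    """Return a dict describing the hash in `field`, or None if unrecognised."""
    m = BCRYPT.match(field)
    if m:
        cost = int(m.group(2))
        # The cost is a base-2 logarithm: 10 means 2**10 key-setup rounds,
        # which is why each candidate password is so expensive to test.
        return {"format": "bcrypt", "variant": m.group(1), "cost": cost,
                "iterations": 1 << cost, "salt": m.group(3)}
    if DESCRYPT.match(field):
        return {"format": "descrypt", "salt": field[:2]}
    return None


def split_record(line):
    """Turn 'user:hash1:hash2' into 'user:hash' lines grouped by format."""
    user, *fields = line.strip().split(":")
    grouped = {}
    for field in fields:
        info = classify(field)
        if info:
            grouped.setdefault(info["format"], []).append(f"{user}:{field}")
    return grouped


# Username is constructed; the two hash fields are the ones quoted in the message.
SAMPLE = ("exampleuser:f2UmwcltELO.U:"
          "$2a$10$uD7hFnbqNxF1iFTanZZmr.aLPfqGDdOE7e96wNdnGQsMOdNZh3ueK")

if __name__ == "__main__":
    for fmt, lines in split_record(SAMPLE).items():
        print(fmt, classify(lines[0].split(":", 1)[1]))
        print("   ", lines[0])
```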
