Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 14 Dec 2017 11:28:34 -0600
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: Cracking MD5 with long, known prefix

On 12/14/2017 9:50 AM, Solar Designer wrote:
> On Thu, Dec 14, 2017 at 10:39:10AM -0500, Mark E. Haase wrote:
>>      Can't set max length larger than 55 for Raw-MD5 format
>>
>> My research indicates that 55 is a hard limit for MD5 that cannot be
>> changed at runtime, and that this limit was chosen for performance reasons.
> Yes.  But with current bleeding-jumbo you can get up to 110 with
> --format=dynamic='md5($p)'.  Perhaps we should document this somewhere.
>
> I'm afraid there's no easy way to go beyond 110 with our current code.
>
> Apparently, latest hashcat can go up to 256, so you may try that.
>
> Jim, since in this case the prefix is constant, can it possibly be
> provided as such in the dynamic format specification (I guess yes),
> and would that possibly not be counted against the 110 characters
> limit (I guess no)?

Mark,

I think you are viewing this incorrectly. What you have is a salted 
hash.  You should be searching ONLY for the password part of the hash, 
not the salt.

What you have is this:

```
md5($s.$p)
```

In your case, $s is the salt, and it is the serialized php object.

NOW, there will likely be severe limitations to this search, in that the 
serialized object is probably going to be large (> 256 bytes), so this 
would make usage in current john pretty hard to do for all items.  BUT 
it could be made to work for some of these serialized objects that are a 
little shorter.

Can you post any examples (along with the password that cracks them) for 
testing?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.