Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050602150333.63667.qmail@web30808.mail.mud.yahoo.com>
Date: Thu, 2 Jun 2005 12:03:33 -0300 (ART)
From: "Alceu R. de Freitas Jr." <glasswalk3r@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: using John to crack MD5 password with more than 13 characters

Hello everybody,

I have an web application that uses MD5 and base64
encoding to protect users passwords. I would like to
run john against these passwords and check for weak
ones.

The problem is, when I try to simulate something like
the Linux shadow file, john complains that no password
was loaded.

I decided to make some testing using Perl:

C:\Documents and Settings\br04196>perl -MDigest::MD5
-e "$ctx=Digest::MD5->new;
$ctx->add('bunda'); print $ctx->b64digest"
VbDIbtdTJqQrekjD+/Z7rw

Then I created a new file with:

smithj:VbDIbtdTJqQrekjD+/Z7rw:10063:0:99999:7:::

It didn't work either. I tried using "hexdigest" and
"digest" from the same module, with the same result.

There is any way to use John the Ripper to help with
that?

Thanks,


__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger 
http://br.download.yahoo.com/messenger/

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.