john-users - Re: using John to crack MD5 password with more than 13 characters

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20050602154915.71521.qmail@web32805.mail.mud.yahoo.com>
Date: Thu, 2 Jun 2005 08:49:15 -0700 (PDT)
From: Fredrick Regnery <fwregnery@...oo.com>
To: john-users@...ts.openwall.com
Subject: Re: using John to crack MD5 password with more than 13 characters

Dear Sir,
I await your response. mon_hl@...mail.com.
Regards,
Fred

Denis Ducamp <Denis.Ducamp@...ar.org> wrote:
On Thu, Jun 02, 2005 at 12:03:33PM -0300, Alceu R. de Freitas Jr. wrote:
> Hello everybody,

Hi,

> I have an web application that uses MD5 and base64
> encoding to protect users passwords. I would like to
> run john against these passwords and check for weak
> ones.
[...]
> There is any way to use John the Ripper to help with
> that?

By default john only knows about "Unix'md5" not raw md5. You have to apply
the raw-md5 patch and try with --format=rawMD5.

The format of the password should be the same as the one from openssl :
$ echo -n bunda | openssl md5
55b0c86ed75326a42b7a48c3fbf67baf

Have fun,

Denis.

-- 
http://www.groar.org/enough/bushit.jpg

Content of type "text/html" skipped

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.