Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <6d50f98e0603100559j51d10c78we7f214b60b184c68@mail.gmail.com>
Date: Fri, 10 Mar 2006 14:59:30 +0100
From: Turko <granturko@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: checking only first 5 characters of a md5 hash

Thanks a lot for replies.


On 3/10/06, Solar Designer <solar@...nwall.com> wrote:
>
> On Thu, Mar 09, 2006 at 11:43:40AM +0100, Turko wrote:
> > My problem is this: I have only the first 5 characters of a md5 hash.
>
> Are those the first 5 characters of an ASCII encoding of an MD5 hash or
> the first 5 bytes of an MD5 hash?


They are taken from a  php generated hash that I m using for locale tests
on  my webserver :

$code = substr(base64_encode(md5($mykey)),0, 5);


Is this a raw MD5 hash (typically encoded as a string of 32 hexadecimal
> characters) or a FreeBSD-style MD5-based hash (typically encoded as a
> string starting with the characters "$1$")?
>
> How do you know it's MD5?
>
> In fact, can you simply share those 5 characters with us?




> Is it possible telling John to check only them during the crack?
>
> No.  John normally operates on internal representations of hashes, not
> on ASCII encodings (the ASCII encodings are decoded at load time) - so
> making it operate on only certain characters of the encoding is
> non-trivial.
>
> > I mean, is correct the idea that checking only the first 5 is better
> then
> > all others ?
>
> I don't understand this idea/question.
>
> > Many keys can be encrypted and having the same first 5
> > characters so it would be faster then cracking all 16 right?
>
> Yes, you might find a password that produces the right first 5
> characters or bytes quicker.  This won't necessarily be the original
> password.  If the target system only checks those 5 characters or bytes,
> then any password you can find in this way will be as good as the
> original one.


ok, is what I hope ; )

On the other hand, if the target system checks the entire MD5 hash - of
> which you only have the first 5 characters of an ASCII encoding or the
> first 5 bytes - then many or most passwords you might find won't work to
> login to the system.
>
> With typical users' passwords, 5 characters of a hex-encoding (20 bits)
> might not be enough to identify just the original password (and no other
> realistic passwords producing the same 5 characters), whereas 5 bytes of
> the hash itself (40 bits) will likely be enough.
>
> > How can I tell John to get the substring of the hash and checking only
> its 5
> > chars?
>
> That would require a source code patch.


is it hard to write? Maybe I can try...but how ?

If you only need this done once, it might be quicker for you to write a
> Perl script that would use Digest::MD5 and accept a stream of candidate
> passwords on the standard input.  Then use "john ... --stdout" to feed
> candidate passwords to this Perl script.


Mhhmmm, I m not an expert programmer as you can imagine...So the steps are:

1- Writing a script that receives ascii passwords from John,
2- encrypt them,
3- and then check the first 5 characters of the hash (right ?)


.Thanks a lot.

> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D
> 3598
> http://www.openwall.com - bringing security into open computing
> environments
>
> Was I helpful?  Please give your feedback here:
> http://rate.affero.net/solar
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.