|
Message-ID: <20090215070446.GA3488@fear.qoop.org>
Date: Sun, 15 Feb 2009 01:04:46 -0600
From: "Joshua J. Drake" <jtr-users@...p.org>
To: john-users@...ts.openwall.com
Subject: Re: Broken long/double DES hash split
Alexander,
Thank you for your insight. With the change I made I was able to
determine that this matches:
Hash: hEV8duHKvyjqcj2vdKXJ.O96
Plain: UnsolvedMysterie
Would anyone be willing to share sample password files/hashes for
these (and other) more rare formats?
I guess the only way to handle this situation properly would be to
have some flag to designate which type it is. Do you think it would
be possible to detect one versus the other?
--
Joshua J. Drake
On Sun, Feb 15, 2009 at 06:43:46AM +0300, Solar Designer wrote:
> On Sat, Feb 14, 2009 at 09:06:06PM -0600, Joshua J. Drake wrote:
> > I'm not sure if this is really broken or not, but it wasn't working
> > for the password file I have that uses these types of hashes.
>
> There are two types of hashes that look the same (24-character strings) -
> one is bigcrypt, the other is crypt16. JtR only supports the former.
> Maybe you have the latter. These two are described here:
>
> http://search.cpan.org/~zefram/Authen-Passphrase/lib/Authen/Passphrase/BigCrypt.pm
> http://search.cpan.org/~zefram/Authen-Passphrase/lib/Authen/Passphrase/Crypt16.pm
>
...
> Does it work against your hashes with that "correction"? I would not
> expect it to. If it does, then you've discovered a third type of
> double-length hashes - neither bigcrypt, nor crypt16.
Perhaps it was something custom. No idea where this file came from.
>
> > Do you have files that work with the current method?
>
> Yes. Some others in here also mentioned having used it successfully.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.