Date: Wed, 20 Jul 2011 20:18:32 -0500
From: "jfoug" <>
To: <>
Subject: RE: md5_gen ... again

I did list (within code) that this would happen.  This exact case.

		// this code is BROKEN in the case where we have a 'simple' salt, that starts with a '$'
		// character.  For now, I will simply comment these out, and they should work fine.  NOTE, this
		// will break complex salts, which do not start with a 'normal' salt.  Something like
		// $$Uuser will now fail (if that is the entire salt).  But at this time, there are no 'canned'
		// formats that use that, so this patch will work around the problem, giving me some time to
		// address this for the 'complex' salt case, in a later version of md5_gen.
//		if (ciphertext[curdat.md5_gen_SALT_OFFSET] == '$')
//			strnzcpy(Salt, &ciphertext[curdat.md5_gen_SALT_OFFSET-1], SALT_SIZE);
//		else

Thus what is happening is you have no 'valid' salt.  What you have in the
salt 'field' is $$U1234.  But due to some other fixes I added, this is

At this time, until I spend more time coming up with a more generic 'fix', I
would suggest that you build the format this way:

Expression=md5($s.:asterisk:.$p) [Asterisk SIP]

Yes, I know that is not a 'fix', but I am not going down the knee-jerk fix
in the salts until I have a better chance to dig deeper, and get it 'right'.


>-----Original Message-----
>From: [] On Behalf Of Jean-Michel
>Sent: Wednesday, July 20, 2011 6:27 PM
>Subject: [john-users] md5_gen ... again
>I upgraded from john 1.7.7 to john 1.7.8 with all patches applied.
>On x64 build, the patch john-1.7.8-jumbo-2after-MSCash2-many-fixes-
>made some of my md5_gen configuration scripts to fail.
>It seems that having the flag MGF_USERNAME without MGF_SALTED breaks the
>For example, for Asterisk SIP secret hashes, I have :
>Expression=md5($u.:asterisk:.$p) [Asterisk SIP]
>This function fails at get_hash[0](0)
