Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110723132411.GA10414@openwall.com>
Date: Sat, 23 Jul 2011 17:24:11 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: JTR Pro

On Fri, Jul 22, 2011 at 08:47:45PM -0400, Jeff Walzer wrote:
> I'm thinking about purchasing JTR Pro for Mac, but before doing so I had a
> question.
> 
> We are storing passwords in a SQL table using a MD5 hash. Can dump the
> passwords to a file and run JTR pro against it to crack passwords?

JtR Pro currently focuses on operating system passwords.  The purchase
page for it gives an exhaustive list of supported hash types.  Of the
MD5-based hashes, it supports only MD5-based crypt(3).  It does not
support raw MD5 hashes.

In case by "MD5 hash" you meant raw MD5, then your priority might be to
move to a hash type that is actually appropriate for password hashing
(raw MD5 isn't).  There's not much point in getting over 90% of your
passwords cracked just to decide to move to a proper hash type - unless
you need to demonstrate this to someone else before the determination
can be made, or you need to "upgrade" the existing passwords to the new
hash type (the few "uncrackable" ones will stay with raw MD5 for longer).

For a proper hash type, consider these:

http://www.openwall.com/crypt/
http://www.openwall.com/phpass/

depending on the programming language used.

If you do want to crack the raw MD5 hashes anyway, then you need to use
a -jumbo version of JtR.  The latest is 1.7.8-jumbo-2, available in
source code form.  There are also unofficial builds of slightly older
versions for Mac OS X:

http://download.openwall.net/pub/projects/john/contrib/macosx/
http://openwall.info/wiki/john/custom-builds#Compiled-for-Mac-OS-X

These support raw MD5 hashes, too.

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.