Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <51EFDBAF.5020105@schwarzbu.ch>
Date: Wed, 24 Jul 2013 15:50:39 +0200
From: Christian Kuhn <lolli@...warzbu.ch>
To: john-users@...ts.openwall.com
Subject: dynamic freebsd-md5(md5($p) . $s) ?

Hey,

I'm trying to handle hashes created in PHP like

crypt(md5($p), '$1$8-char-base64-salt'); // salt freeBSD md5 of md5($p)
Test=$dynamic_4711$ru8Bckzd5JdPhjOJoKhoE0$H3rWFp57:test

I've already tried various dynamic setups and also used my (rusty) c 
knowledge hacking dynamic_preloads.c. Simple "freeBSD md5" is fine, but 
combining it with md5($p) before fails.

My conclusion is freeBSD md5 and other hashes can not be "chained" like 
"usual" crypt_md5 in dynamic. If that is true, what can be done instead?

There are similar scenarios with different outer hash methods:
crypt(md5($p), '$2a$salt); // blowfish of md5($p)
and
crypt(md5($p), '$p$salt); // phpass of md5($p)

My experiments were based on git 1.7.9-jumbo-7 and/or unstable-jumbo.


Thanks for help
Christian

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.