Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f1879345e78c6919449a9b8000adc5f6@smtp.hushmail.com>
Date: Wed, 24 Jul 2013 18:26:30 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: dynamic freebsd-md5(md5($p) . $s) ?

On 24 Jul, 2013, at 15:50 , Christian Kuhn <lolli@...warzbu.ch> wrote:
> I'm trying to handle hashes created in PHP like
> 
> crypt(md5($p), '$1$8-char-base64-salt'); // salt freeBSD md5 of md5($p)
> Test=$dynamic_4711$ru8Bckzd5JdPhjOJoKhoE0$H3rWFp57:test
> 
> I've already tried various dynamic setups and also used my (rusty) c knowledge hacking dynamic_preloads.c. Simple "freeBSD md5" is fine, but combining it with md5($p) before fails.
> 
> My conclusion is freeBSD md5 and other hashes can not be "chained" like "usual" crypt_md5 in dynamic. If that is true, what can be done instead?



Provided I read you right and understood the problem correctly:

Due to optimizations, and only that, our md5crypt version handles a maximum of 15 character passwords. Md5crypt(md5($p)) is thus not supported because md5($p) results in 16 octets. We could easily add such a format but it will be a lot slower than normal md5crypt. In fact I think you can take aix_smd5_fmt_plug.c from the "src/unused" directory, move it to "src" and modify it to your needs - that should work fine. Besides adding the first md5($p) you'd need to take care of one other trivial difference to standard crypt-MD5 - hopefully it's commented enough for you to see it.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.