Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CALb0Rk7qVwJiBupjVve3KyD3Fcbaxu4i0+RsjDOJ9x8v0Z-V0w@mail.gmail.com>
Date: Thu, 14 Dec 2017 10:39:10 -0500
From: "Mark E. Haase" <mehaase@...il.com>
To: john-users@...ts.openwall.com
Subject: Cracking MD5 with long, known prefix

Hey all,

I have a cookie created by the Code Igniter web framework[1] that looks
like this (wrapped for readability):

    a:4:{s:10:"session_id";s:32:"8a70dfc8e6433b28ff7cf138b6d1d2
a5";s:10:"ip_addr
    ess";s:12:"XX.XXX.XX.20";s:10:"user_agent";s:120:"Mozilla/5.0
(Macintosh; In
    tel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/62.0.320
    2.94 Safari/537.36";s:13:"last_activity";i:1512923530;}
a680075dd6b96d4f44beb
    9a9731ed722

The cookie contains a serialized PHP object with an MD5 hash appended to
it. The hash is computed as follows:

    $hash =  md5($obj . $key)

Where `$obj` is the serialized object and `$key` is a secret. This hash is
verified before unserializing the object. I want to try cracking `$key`,
but I am not sure if this is even possible with John The Ripper. I tried
both mask attack and hybrid mask. The former doesn't produce an error but
silently fails to recover the key. The latter produces this error about
exceeding the maximum length for MD5 (wrapped for readability):

    $ john --mask='a:4:{s:10:"session_id";s:32:"
8a70dfc8e6433b28ff7cf138b6d1d2a5
    ";s:10:"ip_address";s:12:"XX.XXX.XX.20";s:10:"user_agent";
s:120:"Mozilla/5.0
    (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like
Gecko) C
    hrome/62.0.3202.94 Safari/537.36";s:13:"last_
activity";i:1512923530;}?w'
    -w=/usr/share/dict/rockyou.txt --max-length=191 --format=Raw-MD5 hashes
    Can't set max length larger than 55 for Raw-MD5 format

My research indicates that 55 is a hard limit for MD5 that cannot be
changed at runtime, and that this limit was chosen for performance reasons.
Is it possible to compile John with a long limit (expecting a major drop in
performance) or is this simply not possible at all?

Cheers,
Mark


1. https://codeigniter.com/

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.