Message-ID: <20230207022007.GA22964@openwall.com>
Date: Tue, 7 Feb 2023 03:20:08 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Hash format identification problem

Hello Johny,

It is unlikely that a 32 hex characters hash is actually an LM hash,
unless it's seen in a proper field in a PWDUMP format file.  So it's
unfortunate that we detect such strings as LM hashes, which we do for
historical reasons only - the only hash type with such encoding that
JtR core aka non-jumbo supported happened to be LM.

JtR jumbo supports many other hashes that are also commonly encoded as
32 hex characters.  Raw MD5 is one of those, and is a likely guess.
JtR jumbo also makes and prints such possible guesses, in the form of
"Warning" messages with suggested "--format" options to use.  You
probably had a bunch of those messages printed before the "Loaded ..."
line.  You can give those different options a try, perhaps starting with
"--format=raw-md5".

Then there's MDXfind, a third-party password cracker originally focusing
on cracking such hashes where the exact type is not known.  With it, you
wouldn't need to guess the hash type in advance - rather, it can test
password guesses along with hash type guesses at once.  However, I think
it's still closed source, so I haven't tried it out myself.

I hope this helps.

Alexander

On Mon, Jan 30, 2023 at 02:46:33PM +0100, Johny Krekan wrote:
> Hello, I need a little help with identifying the correct hash kind.
> After passing the following hash to John:
> 9c9826dd4f78cfbbed9b01a7fb282d67
> I got the following response:
> Loaded 2 password hashes with no different salts (LM DES [128/128 BS SSE2])
> 
> Do you think that this detection is good? Why did some online hash analyzers
> report it to me as MD5?
> Anyway, what options would you use to test the security of this hash?
> 
> 
> Thanks for the advice.
> 
> 
> 
> 
> ---
> New Outlook Express and Windows Live Mail replacement - get it here:
> https://www.oeclassic.com/
> 
> 
> Johny
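
The ambiguity discussed in this thread, as an added example that is not part of either message and is not John the Ripper or MDXfind code: `classify` separates a PWDUMP line, where the field position names the hash type, from a bare 32 hex character string, and `identify_with_guesses` tests each password guess under several hash types at once. The function names and the sample password are assumptions made here; NT and raw-md4 are further jumbo formats with the same encoding that the reply does not name.

```python
import hashlib
import re

HEX32 = re.compile(r"[0-9a-fA-F]{32}")

def classify(line):
    """Return (shape, John --format values worth trying) for one hash-file line."""
    fields = line.strip().split(":")
    # PWDUMP layout is user:rid:LM:NT::: so the field position names the type.
    if len(fields) >= 4 and HEX32.fullmatch(fields[2]) and HEX32.fullmatch(fields[3]):
        return "pwdump", ["LM", "NT"]
    if HEX32.fullmatch(fields[-1]):
        # Bare 128-bit hex digest: the length alone cannot name the algorithm.
        return "bare-hex32", ["raw-md5", "raw-md4", "NT", "LM"]
    return "unknown", []

def _md4(data):
    try:
        return hashlib.new("md4", data).hexdigest()
    except ValueError:  # MD4 is disabled in some OpenSSL builds
        return None

# Hash functions keyed by the John format name they correspond to.
ALGOS = {
    "raw-md5": lambda p: hashlib.md5(p.encode()).hexdigest(),
    "raw-md4": lambda p: _md4(p.encode()),
    "NT": lambda p: _md4(p.encode("utf-16-le")),
}

def identify_with_guesses(target, guesses):
    """Test each password guess under every hash type; return (format, guess) or None."""
    target = target.lower()
    for guess in guesses:
        for fmt, fn in ALGOS.items():
            if fn(guess) == target:
                return fmt, guess
    return None

# Constructed sample: an MD5 digest of a made-up password, not the hash from the thread.
SAMPLE_PASSWORD = "audit-example-1"
SAMPLE_TARGET = hashlib.md5(SAMPLE_PASSWORD.encode()).hexdigest()

if __name__ == "__main__":
    print(classify("9c9826dd4f78cfbbed9b01a7fb282d67"))
    print(identify_with_guesses(SAMPLE_TARGET, ["letmein", SAMPLE_PASSWORD]))
```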
