Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4026.84.188.220.110.1141908149.squirrel@www.jpberlin.de>
Date: Thu, 9 Mar 2006 13:42:29 +0100 (CET)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: checking only first 5 characters of a md5 hash


> Maybe I didn't explained in a good way (sorry for my english) :
> the first 5 chars are not of the password, but they are the first 5 of the
> md5 HASH.

Yes but that wont change anything I guess.
but solar is able to answer this more precise I guess.

> with "abc123" ? Is this way faster then crack the entire HASH right?
> (abc123

Yes it is but...

> can correspond to first part of many different hashes -> many possible
> passwords -> the first I find is good) .

You mean collision
One hash -> many plaintext results

> Is correct the idea? Becouse I don't know how the md5 algorithm works
> exactly....

As far as I know MD5 used by login uses Salts too to prevent such htings.
But the problem si the same: if you know the first letters of the hash or
the password:

You would need to know the entry MD5-Table because john can`t (as far as I
know) reduce the keyspace (and this is a reducing) by known
plaintext/cyphertext.

For that you may need a precalculated MD5-Table to take a look where the
keyspace ends or begins. Maybe this can be done also without such a Table
but john would have to pre-calculate the limited keyspace first to know
how many Passwords should be tried. THis would be possible if the
algorithm would be used vice versa.

I`m not that expert so I hope solar will answer too.

Kind regards,
Rembrandt

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.