[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20100319214830.GA16878@openwall.com>
Date: Sat, 20 Mar 2010 00:48:30 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Unsalted passwd
On Fri, Mar 19, 2010 at 10:26:55PM +0100, ph3arconf@...il.com wrote:
> I found that this passwd line is unsalted.
>
> root:$1$$1lqCUxARG7RZxCqf2/VNV0:0:0:root:/root:/bin/ash
>
> and JtR detects it as (FreeBSD MD5 [32/64 X2])
That's correct. The fact that it uses an empty salt is of no benefit to
you unless you have multiple hashes like this, in which case you'd have
matching salts and thus higher effective c/s rate.
> However If I keep only this part lqCUxARG7RZxCqf2
Why do this?
> which is the actual hash(?)
No, it is not. It is a portion of the hash encoding string.
> JtR will detect this as (PIX MD5 [pix-md5])
>
> Is this correct or I'm completely wrong?
The latter. JtR with the jumbo patch supports a lot of hash types, some
of which use fairly generic encodings, so mis-detection is quite
possible, especially if you actively try to edit your strings until you
get a "match" of the encoding type against that used by one or more of
the supported hash types.
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
