Lyn Scott | 1 Jul 2005 14:52

understanding the encryption method


Hi all,

I have an OpenUnix 8.0.0 box and I am trying to check
the /etc/shadow. I have a user (e.g. something like
this user_1:ThnJx./KPgulI) so am I right if I suppose
that crypt/DES is used ('cause the string is 13 char
long/with Th is my Salt). When I check the john.pot it
gives me a result for my user_1 (e.g. my_passw). But
my real password for user_1 is not my_passw but
my_passwd. So how can you use john for password longer
than 8 char (using crypt/DES).
I have another question... I have another Linux box
(Suse9.2) The /etc/shadow is encrypted using BlowFish.
How can I recognize if the Password is encrypted using
BlowFish or DES.

thx in advance

		

Ikari | 1 Jul 2005 19:23

Re: understanding the encryption method

        Lyn Scott <lindey_scott <at> ...> writes:

> 
> 
> Hi all,
> 
> I have an OpenUnix 8.0.0 box and I am trying to check
> the /etc/shadow. I have a user (e.g. something like
> this user_1:ThnJx./KPgulI) so am I right if I suppose
> that crypt/DES is used ('cause the string is 13 char
> long/with Th is my Salt). When I check the john.pot it
> gives me a result for my user_1 (e.g. my_passw). But
> my real password for user_1 is not my_passw but
> my_passwd. So how can you use john for password longer
> than 8 char (using crypt/DES).
> I have another question... I have another Linux box
> (Suse9.2) The /etc/shadow is encrypted using BlowFish.
> How can I recognize if the Password is encrypted using
> BlowFish or DES.
> 
> thx in advance

Solar Designer | 2 Jul 2005 11:45

Re: understanding the encryption method

This was already answered by Ikari (thanks!), but I'll provide more
precise answers:

On Fri, Jul 01, 2005 at 05:52:06AM -0700, Lyn Scott wrote:
> I have an OpenUnix 8.0.0 box and I am trying to check
> the /etc/shadow. I have a user (e.g. something like
> this user_1:ThnJx./KPgulI) so am I right if I suppose
> that crypt/DES is used ('cause the string is 13 char
> long/with Th is my Salt).

Yes.

> When I check the john.pot it
> gives me a result for my user_1 (e.g. my_passw). But
> my real password for user_1 is not my_passw but
> my_passwd. So how can you use john for password longer
> than 8 char (using crypt/DES).

The traditional DES-based crypt(3) hashes discard characters past 8.
This means that your password really _is_ "my_passw" (using your
example), even if you think that it is "my_passwd".  The last "d" was
discarded when you first set that password, and it is discarded each
time you enter it on login (so you could as well not type that character,
or type something different).

> I have another question... I have another Linux box
> (Suse9.2) The /etc/shadow is encrypted using BlowFish.
> How can I recognize if the Password is encrypted using
> BlowFish or DES.

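Added example (not part of the thread and not code from John the Ripper): a Python illustration of the two questions above, telling crypt(3) schemes apart by the layout of the stored string and showing why traditional DES crypt treats "my_passw", "my_passwd" and "my_passwx" as one password. The `$2a$` and `$1$` prefixes are standard crypt(3) identifiers that do not appear in the thread; the function names and the bcrypt filler string are constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) hash strings
# Checked in order; prefixes not on the page are standard crypt(3) identifiers.
SCHEMES = [
    ("bcrypt (Blowfish-based)", re.compile(r"^\$2[abxy]?\$\d\d\$" + B64 + r"{53}$")),
    ("MD5-based crypt", re.compile(r"^\$1\$[^$]{1,8}\$" + B64 + r"{22}$")),
    ("BSDI extended DES", re.compile(r"^_" + B64 + r"{19}$")),
    ("traditional DES crypt", re.compile(r"^" + B64 + r"{13}$")),
]

def identify(hash_field):
    """Name the scheme from the shape of the stored hash string."""
    for name, pattern in SCHEMES:
        if pattern.match(hash_field):
            return name
    return "unrecognized (locked, empty, or another scheme)"

def des_crypt_key(password):
    """56-bit key material traditional DES crypt derives from a password:
    the low 7 bits of the first 8 characters; everything after is ignored."""
    raw = password.encode("latin-1")[:8].ljust(8, b"\0")
    return bytes((b << 1) & 0xFF for b in raw)

def audit(shadow_text):
    """Return (user, scheme, salt) per entry; salt is reported for DES only."""
    rows = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue
        scheme = identify(fields[1])
        salt = fields[1][:2] if scheme == "traditional DES crypt" else None
        rows.append((fields[0], scheme, salt))
    return rows

# Constructed sample: user_1 is the entry quoted in the thread; user_2 has the
# bcrypt layout with filler characters (not a real hash); user_3 is locked.
SAMPLE = "\n".join([
    "user_1:ThnJx./KPgulI",
    "user_2:$2a$05$" + "A" * 53 + ":12960:0:99999:7:::",
    "user_3:*:12960:0:99999:7:::",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    for guess in ("my_passw", "my_passwd", "my_passwx", "my_pass"):
        print(guess, des_crypt_key(guess) == des_crypt_key("my_passwd"))
```

An entry flagged as traditional DES crypt therefore carries at most 8 significant characters, whatever length the user typed when setting the password.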

Solar Designer | 2 Jul 2005 12:01

Re: Re: understanding the encryption method

On Fri, Jul 01, 2005 at 05:23:09PM +0000, Ikari wrote:
> on systems using schemes like MD5, blowfish... password can be 
> longer and to tell john to go beyond 8 chars you'll have to modify one or 
> more sections of john.ini to set max password length not to 8 but to 
> whatever you want.

This is not quite true.  It's only "incremental" mode which is limited
to 8 characters by default, and this limitation is not just runtime, --
it is compile-time and it also affects the *.chr files format.  So one
can't merely increase MaxLen beyond 8, unfortunately.

This has been discussed in greater detail before:

http://marc.theaimsgroup.com/?l=john-users&m=111611707402157
http://marc.theaimsgroup.com/?l=john-users&m=111611991308901

"Single crack", wordlist, and external modes do not have the limitation
(and there's nothing to modify to be cracking longer passwords -- it
just works).

> Anyway I don't think you'll find a password longer than 8 
> unless you know part of it...

If the password is weak, it may well be found (with a wordlist or
otherwise).

It also happens all the time with LanMan hashes due to their 7+7 split.

-- 
Alexander Peslyak <solar at openwall.com>

Baptiste Calmès | 3 Jul 2005 21:34

Re: Patches

I myself tried to compile john after applying your patch *-all.diff 
and I get the following error:

cc -s DES_fmt.o DES_std.o DES_bs.o BSDI_fmt.o MD5_fmt.o 
MD5_std.o MD5_apache_fmt.o BFEgg_fmt.o 
BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o lotus5_fmt.o 
MYSQL_fmt.o KRB5_fmt.o KRB5_std.o md5.o 
rawMD5_fmt.o rawSHA1_fmt.o NSLDAP_fmt.o sha1.o 
base64.o NT_fmt.o md4.o smbencrypt.o 
mscash_fmt.o batch.o bench.o charset.o common.o 
compiler.o config.o cracker.o external.o formats.o 
getopt.o idle.o inc.o john.o list.o loader.o logger.o 
math.o memory.o misc.o options.o params.o path.o 
recovery.o rpp.o rules.o signals.o single.o status.o 
tty.o wordlist.o unshadow.o unafs.o undrop.o unique.o 
DES_bs_b.o -o ../run/john -ldes
ld: can't locate file for: -ldes
make[1]: *** [../run/john] Error 1
make: *** [macosx-ppc32-cc] Error 2

I have a file des.h in /usr/include/
Do you have any idea of what is going on?

Frank Dittrich | 3 Jul 2005 23:22

RE: Re: Patches

Hi Baptiste,

>ld: can't locate file for: -ldes

man ld, or reading Erik's reply to Whom Ever would have let you know
that the error isn't caused by a missing des.h header file,
but instead by the missing libdes library.

>
>I have a file des.h in /usr/include/
>Do you have any idea of what is going on?

Obviously, you didn't read Erik's reply carefully enough:
http://article.gmane.org/gmane.comp.security.openwall.john.user/49
He even mentioned where to get the library.

Regards,
Frank

Baptiste Calmès | 4 Jul 2005 01:57

Re: Patches


Hi Frank,
> 
> Hi Baptiste,
> 
> >ld: can't locate file for: -ldes
> 
> man ld, or reading Erik's reply to Whom Ever would have let you know
> that the error isn't caused by a missing des.h header file,
> but instead by the missing libdes library.

Yes, thanks. But I am pretty new to all this, so I assumed that if the header 
was around, then the library was installed. But in fact, it was a header file 
with the same name, but for another library.

> 
> >
> >I have a file des.h in /usr/include/
> >Do you have any idea of what is going on?
> 
> Obviously, you didn't read Erik's reply carefully enough:
> http://article.gmane.org/gmane.comp.security.openwall.john.user/49
> He even mentioned where to get the library.

Yes, indeed.

Thanks a lot for your help.

Baptiste


Lyn Scott | 4 Jul 2005 11:22

Re: understanding the encryption method


--- Solar Designer <solar@...> wrote:

> The traditional DES-based crypt(3) hashes discard
> characters past 8.
> This means that your password really _is_ "my_passw"
> (using your
> example), even if you think that it is "my_passwd". 
> The last "d" was
> discarded when you first set that password, and it
> is discarded each
> time you enter it on login (so you could as well not
> type that character,
> or type something different).

Now I am a little confused... that means if I try to
login using "user_1" as user and "my_passw" instead of
"my_passwd"...it should work? That also means that I
can use "my_passwx" or "my_pass12345" for the password
and it should work too?  I try to login with
"my_passw" and "my_passwx" but... it doesn't work.
It only works with "my_passwd"!!

		

Solar Designer | 5 Jul 2005 03:33

Re: understanding the encryption method

On Mon, Jul 04, 2005 at 02:22:16AM -0700, Lyn Scott wrote:
> --- Solar Designer <solar@...> wrote:
> 
> > The traditional DES-based crypt(3) hashes discard
> > characters past 8.
[...]

> Now I am a little confused... that means if I try to
> login using "user_1" as user and "my_passw" instead of
> "my_passwd"...it should work? That also means that I
> can use "my_passwx" or "my_pass12345" for the password
> and it should work too?

Correct.

> I try to login with
> "my_passw" and "my_passwx" but... it doesn't work.
> It only works with "my_passwd"!!

Now this is interesting.  If this user's password hash is expressed with
a 13-character string that John cracked as "my_passw", yet logins with
"alternate forms" of this password fail as you say, this leaves us the
only guess that your system stores the "real" password hashes elsewhere.
(Of course, it is also possible that you've made a mistake in your testing.)

I've never used OpenUnix 8 myself, so the above is just a guess.  I'd
try looking under /etc/security for possible alternate password files.

Of course, even if better hashes are being used, it would be possible to
crack first 8 characters of any password separately and then use that

ikbea | 28 Jul 2005 10:37

source

Hi all,

I would like to have the source of "John the Ripper", where can I download it?

Moreover, I would like to force passwords to obey rules:
1. password length should be more than 8
2. password should have at least two characters and two uppercase letters
How to configure John the Ripper, so it can detect the passwords that do not 
obey the rules?

Thanks a lot

