Security Basics mailing list archives
Re: Re[2]: MD5 algorithm
From: Matt Howard <securityfocus () hattmoward org>
Date: Wed, 24 Mar 2004 21:24:56 -0500
On Tuesday 23 March 2004 12:59 pm, you wrote:
Hello Matt,
But I received only 16,22 or 32-byte hashes. Why not 34-byte hashes? And how can I use Digest::MD5 for it? Or maybe you can show me a script on perl or c/c++ with its implementation.
Ah, I looked back at your first question... you want to make a md5 hash for use in a passwd file? Check out 'man crypt'. This form of md5 uses a salt to make the algorithm require two dimensions. That is, instead of making it so you only have to make a hash of every possible password, you have to cover every password with every salt. If you're using perl on a system with the GNU version of libcrypt, you simply use a salt that starts with "$1$". You will need to generate a random salt, using the characters in the set [a-zA-Z0-9./]. This will produce a string in the form you expected: $1$00000000$0000000000000000000000 The first 8 0's are the salt used, and the other 22 are the final md5 in base 64. If you're not on a system with GNU libcrypt, there may be a perl module available on CPAN that does the job also. -- Matt Howard <mhoward__hattmoward.org> http://hattmoward.org PGP: 2364 B8D1 199C 4DB6 9E23 2409 C10B EC85 29B9 91EE --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- SHA-1 Hash Paul Kurczaba (Mar 18)
- RE: SHA-1 Hash Brendan Halliday (Mar 19)
- <Possible follow-ups>
- RE: SHA-1 Hash Shawn Jackson (Mar 18)
- Re: SHA-1 Hash Ivan Coric (Mar 19)
- Re: SHA-1 Hash Michael Johnson (Mar 19)
- RE: SHA-1 Hash daniel . benetka (Mar 19)
- MD5 algorithm BoI base (Mar 22)
- Re: MD5 algorithm Matt Howard (Mar 23)
- Message not available
- Re: Re[2]: MD5 algorithm Matt Howard (Mar 24)
- Message not available
- Re: Re[2]: MD5 algorithm Matt Howard (Mar 25)
- MD5 algorithm BoI base (Mar 22)