Hello Markus,
the relevant sting: $1$GXJzVR5J$vS4wC7AW6hV8TvLu6Dtxt.
salt with optinal '$' at the end: GXJzVR5J$
how to get the password/md5 (which is test) from this string:
vS4wC7AW6hV8TvLu6Dtxt.
I think there might be some confusion related to the fact that the acronym
"MD5" is usually referred to in two different contexts:
1) The usual MD5 hash (as calculated by, for example, md5sum) is a 128-bit
hash of an arbitrary sequence of bytes. It's usually written in the form
"098f6bcd4621d373cade4e832627b4f6" (the MD5 sum of the string 'test').
2) The MD5-based password-hashing algorithm (i.e. the one used to hash the
passwords in /etc/shadow) is only -based- on MD5, it's not the plain MD5.
The full algorithm is a lot more complicated and the computation of MD5
hash of some data is repeated many times in it. Although the result of
this computation is also a 128-bit string, it's usually stored in a
different format -- namely, Base64-encoded.
If you want all the gory details of the algorithm, have a look at crypt/
directory in glibc sources. That's the algorithm used by crypt() function
in glibc, if you provide it with salt of the right form (one beginning
with $1).
Peter
PS. Going off the top of my memory, so bits or all of what I've written
above might be wrong :-)
--
[Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
