MD5 hash in Python
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike95
5518
|
show 1 more comment
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike95
5518
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike95
5518
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike95
5518
asked Nov 21 '18 at 16:11
19mike95
5518
edited Nov 21 '18 at 16:36
asked Nov 21 '18 at 16:11
19mike95
5518
asked Nov 21 '18 at 16:11
19mike95
5518
asked Nov 21 '18 at 16:11
19mike95
5518
5518
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
1 Answer
1
active
oldest
votes
So, you need to use a totally different library.
The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.
import crypt
crypt.crypt('alice', crypt.METHOD_MD5)
The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.
To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
The second argument in crypt.crypt function is taken as the salt.
Thanks Max in the comments.
answered Nov 21 '18 at 16:28
Adam
1809
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
So, you need to use a totally different library.
The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.
import crypt
crypt.crypt('alice', crypt.METHOD_MD5)
The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.
To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
The second argument in crypt.crypt function is taken as the salt.
Thanks Max in the comments.
answered Nov 21 '18 at 16:28
Adam
1809
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
So, you need to use a totally different library.
The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.
import crypt
crypt.crypt('alice', crypt.METHOD_MD5)
The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.
To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
The second argument in crypt.crypt function is taken as the salt.
Thanks Max in the comments.
answered Nov 21 '18 at 16:28
Adam
1809
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
So, you need to use a totally different library.
The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.
import crypt
crypt.crypt('alice', crypt.METHOD_MD5)
The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.
To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
The second argument in crypt.crypt function is taken as the salt.
Thanks Max in the comments.
answered Nov 21 '18 at 16:28
Adam
1809
So, you need to use a totally different library.
The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.
import crypt
crypt.crypt('alice', crypt.METHOD_MD5)
The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.
To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
The second argument in crypt.crypt function is taken as the salt.
Thanks Max in the comments.
answered Nov 21 '18 at 16:28
Adam
1809
edited Nov 21 '18 at 16:50
answered Nov 21 '18 at 16:28
Adam
1809
answered Nov 21 '18 at 16:28
Adam
1809
answered Nov 21 '18 at 16:28
Adam
1809
1809
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:
Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.– Max
Nov 21 '18 at 16:43
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:
Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37