MD5 hash in Python












1














I have been given a file with user and passwords in the format: $id$salt$hashed.



Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.



There is an example in which I know the password= "alice"



jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::


So I have done this in Python to check



import hashlib

passw='alice'
salt='kDHTx'

hashed= hashlib.md5(salt+passw).hexdigest()

print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')


But I dont even get the format correctly:



What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs


What am I doing wrong? Or even understanding wrong from the begining?










share|improve this question
























  • Why do you think you should get WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
    – The Quantum Physicist
    Nov 21 '18 at 16:13












  • It is the example I have been given, and at least the format of the Hashed should be the same.
    – 19mike95
    Nov 21 '18 at 16:15










  • Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
    – The Quantum Physicist
    Nov 21 '18 at 16:18












  • I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
    – 19mike95
    Nov 21 '18 at 16:23






  • 2




    Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
    – Max
    Nov 21 '18 at 16:37


















1














I have been given a file with user and passwords in the format: $id$salt$hashed.



Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.



There is an example in which I know the password= "alice"



jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::


So I have done this in Python to check



import hashlib

passw='alice'
salt='kDHTx'

hashed= hashlib.md5(salt+passw).hexdigest()

print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')


But I dont even get the format correctly:



What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs


What am I doing wrong? Or even understanding wrong from the begining?










share|improve this question
























  • Why do you think you should get WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
    – The Quantum Physicist
    Nov 21 '18 at 16:13












  • It is the example I have been given, and at least the format of the Hashed should be the same.
    – 19mike95
    Nov 21 '18 at 16:15










  • Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
    – The Quantum Physicist
    Nov 21 '18 at 16:18












  • I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
    – 19mike95
    Nov 21 '18 at 16:23






  • 2




    Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
    – Max
    Nov 21 '18 at 16:37
















1












1








1







I have been given a file with user and passwords in the format: $id$salt$hashed.



Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.



There is an example in which I know the password= "alice"



jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::


So I have done this in Python to check



import hashlib

passw='alice'
salt='kDHTx'

hashed= hashlib.md5(salt+passw).hexdigest()

print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')


But I dont even get the format correctly:



What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs


What am I doing wrong? Or even understanding wrong from the begining?










share|improve this question















I have been given a file with user and passwords in the format: $id$salt$hashed.



Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.



There is an example in which I know the password= "alice"



jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::


So I have done this in Python to check



import hashlib

passw='alice'
salt='kDHTx'

hashed= hashlib.md5(salt+passw).hexdigest()

print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')


But I dont even get the format correctly:



What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs


What am I doing wrong? Or even understanding wrong from the begining?







python encryption hash md5






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 21 '18 at 16:36

























asked Nov 21 '18 at 16:11









19mike95

5518




5518












  • Why do you think you should get WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
    – The Quantum Physicist
    Nov 21 '18 at 16:13












  • It is the example I have been given, and at least the format of the Hashed should be the same.
    – 19mike95
    Nov 21 '18 at 16:15










  • Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
    – The Quantum Physicist
    Nov 21 '18 at 16:18












  • I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
    – 19mike95
    Nov 21 '18 at 16:23






  • 2




    Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
    – Max
    Nov 21 '18 at 16:37




















  • Why do you think you should get WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
    – The Quantum Physicist
    Nov 21 '18 at 16:13












  • It is the example I have been given, and at least the format of the Hashed should be the same.
    – 19mike95
    Nov 21 '18 at 16:15










  • Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
    – The Quantum Physicist
    Nov 21 '18 at 16:18












  • I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
    – 19mike95
    Nov 21 '18 at 16:23






  • 2




    Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
    – Max
    Nov 21 '18 at 16:37


















Why do you think you should get WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13






Why do you think you should get WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13














It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15




It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15












Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18






Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18














I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23




I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23




2




2




Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37






Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37














1 Answer
1






active

oldest

votes


















3














So, you need to use a totally different library.



The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.



import crypt

crypt.crypt('alice', crypt.METHOD_MD5)


The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.



To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:



>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/


The second argument in crypt.crypt function is taken as the salt.



Thanks Max in the comments.






share|improve this answer























  • Yes sorry, i edit it now. Thanks
    – 19mike95
    Nov 21 '18 at 16:34






  • 2




    It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
    – Max
    Nov 21 '18 at 16:43












  • could you show me an example?
    – 19mike95
    Nov 21 '18 at 16:48










  • Nice, I'll add that to the post
    – Adam
    Nov 21 '18 at 16:48










  • By the way, is crypt just for Python 3 or superior?
    – 19mike95
    Nov 21 '18 at 16:59











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














So, you need to use a totally different library.



The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.



import crypt

crypt.crypt('alice', crypt.METHOD_MD5)


The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.



To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:



>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/


The second argument in crypt.crypt function is taken as the salt.



Thanks Max in the comments.






share|improve this answer























  • Yes sorry, i edit it now. Thanks
    – 19mike95
    Nov 21 '18 at 16:34






  • 2




    It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
    – Max
    Nov 21 '18 at 16:43












  • could you show me an example?
    – 19mike95
    Nov 21 '18 at 16:48










  • Nice, I'll add that to the post
    – Adam
    Nov 21 '18 at 16:48










  • By the way, is crypt just for Python 3 or superior?
    – 19mike95
    Nov 21 '18 at 16:59
















3














So, you need to use a totally different library.



The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.



import crypt

crypt.crypt('alice', crypt.METHOD_MD5)


The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.



To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:



>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/


The second argument in crypt.crypt function is taken as the salt.



Thanks Max in the comments.






share|improve this answer























  • Yes sorry, i edit it now. Thanks
    – 19mike95
    Nov 21 '18 at 16:34






  • 2




    It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
    – Max
    Nov 21 '18 at 16:43












  • could you show me an example?
    – 19mike95
    Nov 21 '18 at 16:48










  • Nice, I'll add that to the post
    – Adam
    Nov 21 '18 at 16:48










  • By the way, is crypt just for Python 3 or superior?
    – 19mike95
    Nov 21 '18 at 16:59














3












3








3






So, you need to use a totally different library.



The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.



import crypt

crypt.crypt('alice', crypt.METHOD_MD5)


The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.



To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:



>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/


The second argument in crypt.crypt function is taken as the salt.



Thanks Max in the comments.






share|improve this answer














So, you need to use a totally different library.



The $1$ hash is representative of a Unix-based MD5, which can be created using the crypt library.



import crypt

crypt.crypt('alice', crypt.METHOD_MD5)


The salt is generated seperately, so everytime you run the command, the crypt library will generate a different salt, making the actual hash value different each time.



To replicate the creation of your hash, you can pass the existing hash as the salt to the crypt.crypt function:



>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/


The second argument in crypt.crypt function is taken as the salt.



Thanks Max in the comments.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 21 '18 at 16:50

























answered Nov 21 '18 at 16:28









Adam

1809




1809












  • Yes sorry, i edit it now. Thanks
    – 19mike95
    Nov 21 '18 at 16:34






  • 2




    It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
    – Max
    Nov 21 '18 at 16:43












  • could you show me an example?
    – 19mike95
    Nov 21 '18 at 16:48










  • Nice, I'll add that to the post
    – Adam
    Nov 21 '18 at 16:48










  • By the way, is crypt just for Python 3 or superior?
    – 19mike95
    Nov 21 '18 at 16:59


















  • Yes sorry, i edit it now. Thanks
    – 19mike95
    Nov 21 '18 at 16:34






  • 2




    It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
    – Max
    Nov 21 '18 at 16:43












  • could you show me an example?
    – 19mike95
    Nov 21 '18 at 16:48










  • Nice, I'll add that to the post
    – Adam
    Nov 21 '18 at 16:48










  • By the way, is crypt just for Python 3 or superior?
    – 19mike95
    Nov 21 '18 at 16:59
















Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34




Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34




2




2




It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43






It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt: Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43














could you show me an example?
– 19mike95
Nov 21 '18 at 16:48




could you show me an example?
– 19mike95
Nov 21 '18 at 16:48












Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48




Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48












By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59




By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python