MD5 hash in Python
1
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
|
show 1 more comment
1
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
1
1
1
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
python encryption hash md5
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
edited Nov 21 '18 at 16:36
19mike95
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
5518
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
1 Answer
1
active
oldest
votes
3
You need to use the crypt library. A $1$ hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
answered Nov 21 '18 at 16:28
AdamAdam
384113
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
3
You need to use the crypt library. A $1$ hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
answered Nov 21 '18 at 16:28
AdamAdam
384113
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
3
You need to use the crypt library. A $1$ hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
answered Nov 21 '18 at 16:28
AdamAdam
384113
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
3
3
3
You need to use the crypt library. A $1$ hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
answered Nov 21 '18 at 16:28
AdamAdam
384113
You need to use the crypt library. A $1$ hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt to the crypt.crypt function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
answered Nov 21 '18 at 16:28
AdamAdam
384113
edited Feb 16 at 13:59
answered Nov 21 '18 at 16:28
AdamAdam
384113
answered Nov 21 '18 at 16:28
AdamAdam
384113
answered Nov 21 '18 at 16:28
AdamAdam
384113
384113
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:
Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.– Max
Nov 21 '18 at 16:43
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:
Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37