MD5 hash in Python
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
|
show 1 more comment
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs
? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
I have been given a file with user and passwords in the format: $id$salt$hashed.
Where ID stands for the type of encryption and id=1 stands for FreeBSD-style MD5.
There is an example in which I know the password= "alice"
jsmith: $1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/:10063:0:99999:7:::
So I have done this in Python to check
import hashlib
passw='alice'
salt='kDHTx'
hashed= hashlib.md5(salt+passw).hexdigest()
print('What i get is: '+hashed)
print('What i should: '+'WKRXXT1P7UtjvU7CQ9eWs')
But I dont even get the format correctly:
What i get is: ba359e6dd36371c4dc5c187aac11e0d8
What i should: WKRXXT1P7UtjvU7CQ9eWs
What am I doing wrong? Or even understanding wrong from the begining?
python encryption hash md5
python encryption hash md5
edited Nov 21 '18 at 16:36
19mike95
asked Nov 21 '18 at 16:11
19mike9519mike95
5518
5518
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs
? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
Why do you think you should getWKRXXT1P7UtjvU7CQ9eWs
? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.
– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs
? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs
? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37
|
show 1 more comment
1 Answer
1
active
oldest
votes
You need to use the crypt
library. A $1$
hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt
is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt
to the crypt.crypt
function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You need to use the crypt
library. A $1$
hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt
is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt
to the crypt.crypt
function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
You need to use the crypt
library. A $1$
hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt
is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt
to the crypt.crypt
function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
You need to use the crypt
library. A $1$
hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt
is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt
to the crypt.crypt
function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
You need to use the crypt
library. A $1$
hash is representative of a Unix-based MD5.
>>> import crypt
>>> crypt.crypt('alice', crypt.METHOD_MD5)
$1$tlyP8ine$I9F3AiUCIgOjREqbx6WUg0
The salt
is randomised by the function, to ensure a new hash is generated each time you run the command.
To replicate the creation of an existing hash, you can pass the existing hash as the salt
to the crypt.crypt
function:
>>> crypt.crypt('alice', '$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/')
$1$kDHTx$WKRXXT1P7UtjvU7CQ9eWs/
edited Feb 16 at 13:59
answered Nov 21 '18 at 16:28
AdamAdam
384113
384113
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
Yes sorry, i edit it now. Thanks
– 19mike95
Nov 21 '18 at 16:34
2
2
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:
Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
It looks like you can pass the whole $1$... source password as the 'salt' in python 3.x's crypt function to reuse the salt:
Since a few crypt(3) extensions allow different values, with different sizes in the salt, it is recommended to use the full crypted password as salt when checking for a password.
– Max
Nov 21 '18 at 16:43
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
could you show me an example?
– 19mike95
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
Nice, I'll add that to the post
– Adam
Nov 21 '18 at 16:48
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
By the way, is crypt just for Python 3 or superior?
– 19mike95
Nov 21 '18 at 16:59
|
show 3 more comments
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53416164%2fmd5-hash-in-python%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Why do you think you should get
WKRXXT1P7UtjvU7CQ9eWs
? The result from python looks correct, because the result has to be hexadecimal (I didn't calculate the hash myself). Maybe that result you provided uses some other encoding.– The Quantum Physicist
Nov 21 '18 at 16:13
It is the example I have been given, and at least the format of the Hashed should be the same.
– 19mike95
Nov 21 '18 at 16:15
Just one recommendation: Don't use md5 for hashing because that's vulnerable to gpu and asics attacks. Use something advanced like argon2. Check what I did here.
– The Quantum Physicist
Nov 21 '18 at 16:18
I am not hashing for security its just an exercise where i have to get as many passwords as possible from the /etc/shadow file. And regarding my initial question, can it be any kind of format issue?
– 19mike95
Nov 21 '18 at 16:23
2
Note: Neither md5 nor shadow are encryption, and this is not a hexdigest since it has both uppercase and lowercase letters.
– Max
Nov 21 '18 at 16:37