+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat Support (https://hashcat.net/forum/forum-21.html)
+--- Thread: OclHashcat password length limitation? (/thread-32.html)
OclHashcat password length limitation? - mastercracker - 05-17-2010
Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?
RE: OclHashcat password length limitation? - atom - 05-17-2010
(05-17-2010, 07:10 AM)mastercracker Wrote: Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?
nice try
the current maximum length of a password that oclHashcat can find is 15. since you're combining two lists this requires at least one char per word. thats why oclHashcat skips all words in a wordlist/mask with a length < 1 or > 14. this limitation is based on a performance optimization. if i raise the limitation from 15 to 30 chars the speed drops between 5% - 15% (on MD5).
iirc joomla uses 16 and 32 byte salts, so you have currently no chance to workaround the problem. wait for a later release that supports -m 1 / -m 2.
--
atom
RE: OclHashcat password length limitation? - atom - 01-31-2011
note: oclHashcat supports -m 1 and -m 2 in the meanwhile