+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: Two hashes one result - why? (/thread-4153.html)
Two hashes one result - why? - agoago - 03-04-2015
I got two hashes
hash number 1:
Code:
$ml$26246$87487bb03941a7d1e702cc54ee81e7f61e5e46f554b47677279a59185baaba5f$4b98bb3ebefd1c7195aa991916b7d7e683e992fd9a9d1355533456d62bad58c1ccc0380351252b5215a3b064dd9fa00513566db80a297858473828882305b8cehash number 2:
Code:
$ml$26246$87487bb03941a7d1e702cc54ee81e7f61e5e46f554b47677279a59185baaba5f$4b98bb3ebefd1c7195aa991916b7d7e683e992fd9a9d1355533456d62bad58c1ccc0380351252b5215a3b064dd9fa00513566db80a297858473828882305b8ce0437f57d7b9da19fe19d2384d7221d7e8264a6f035562ab1937b57948856eff531f60777ee5f71aa3507cc5b71caee7cf39b914623230e7f844401cb29f6df84Both produce the same password. How is it possible?
RE: Two hashes one result - why? - undeath - 03-04-2015
they are salted and seemingly even different algorithms judging from the size.
RE: Two hashes one result - why? - atom - 03-04-2015
it's the same hash:
87487bb03941a7d1e702cc54ee81e7f61e5e46f554b47677279a59185baaba5f
and the same salt (only first 512 bit matter)
4b98bb3ebefd1c7195aa991916b7d7e683e992fd9a9d1355533456d62bad58c1
and the same iteration count.
RE: Two hashes one result - why? - agoago - 03-04-2015
I know it same salt and same iteration. But hash is different. One is much longer than another.
RE: Two hashes one result - why? - atom - 03-04-2015
They are not
RE: Two hashes one result - why? - agoago - 03-04-2015
well I guess there is more about hashing I need to learn.
RE: Two hashes one result - why? - philsmd - 03-04-2015
There is not much you need to learn here. It is very simple.
OS X v10.8+ (-m 7100) uses PBKDF2, which allows to have a variable output (digest/hash) length.
oclHashcat doesn't care much about this hash length (it could be very long, or just the minimum length), but the only thing to know is that given the same password and salt you will end up with the same hash (which you could extend in length or not).
But why would one care about the length, if oclHashcat did find the correct password and hence the hash was cracked everything is fine. So why should/would oclHashcat try to distiguish them if they are identical (except the output size)?