Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OclHashcat password length limitation?
05-17-2010, 07:10 AM
Post: #1
OclHashcat password length limitation?
Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?
Find all posts by this user
05-17-2010, 10:51 AM
Post: #2
RE: OclHashcat password length limitation?
(05-17-2010 07:10 AM)mastercracker Wrote:  Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?

nice try Smile

the current maximum length of a password that oclHashcat can find is 15. since you're combining two lists this requires at least one char per word. thats why oclHashcat skips all words in a wordlist/mask with a length < 1 or > 14. this limitation is based on a performance optimization. if i raise the limitation from 15 to 30 chars the speed drops between 5% - 15% (on MD5).

iirc joomla uses 16 and 32 byte salts, so you have currently no chance to workaround the problem. wait for a later release that supports -m 1 / -m 2.

--
atom
Visit this user's website Find all posts by this user
01-31-2011, 06:07 PM
Post: #3
RE: OclHashcat password length limitation?
note: oclHashcat supports -m 1 and -m 2 in the meanwhile
Visit this user's website Find all posts by this user