oclHashcat-plus silently truncates password candidates to 15 characters
While conducting a pentest, I needed to crack a super-admin hash, so I ran oclHashcat-plus on a small wordlist with very efficient rules. No luck.

Just to be sure, I gave John the Ripper a shot, as it does not have exactly the same mangling rules as hashcat. The password turned out to be admin123admin123.

The reason why oclHashcat-plus did not crack it is because it truncates every password candidate to 15 characters, whatever the hash type.

IMHO, users should be aware of this limitation. Maybe a warning statement when oclhashcat starts (among the startup info lines), or somewhere in the --help output, would be truly beneficial for everyone.

Already does it.
[Image: unledlql.png]
What version were you using? Me, I don't have the "Password lengths range: 1 - 15" message you have! :) Maybe it's because you are on Windows whereas I am on Linux.

Anyway, using oclHashcat-plus-0.05, here is the output I get, and the steps to reproduce:

$ echo -n admin123admin123 | md5sum | cut -d' ' -f1 | tee admin123.md5
$ echo admin123 > admin123.dic
$ cat > dup.rule <<'EOF'
$ /opt/oclHashcat-plus/cudaHashcat-plus -m 0 admin123.md5 admin123.dic -r dup.rule
cudaHashcat-plus v0.5 by atom starting...

Hashes: 1
Salts: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 2
Platform: NVidia compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: GeForce GTX 460, 1023MB, 1300Mhz, 7MCU

Starting attack in wordlist file mode...

Status.......: Exhausted
Hash.Type....: MD5
Input.Mode...: File (admin123.dic)
Time.Running.: 1 sec
Time.Left....: 0 secs
Speed........: 0/s
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 2/2 (100.00%)
HW.Monitor.#1: 0% GPU, 52c Temp

Started: Sun Sep 11 15:32:59 2011
Stopped: Sun Sep 11 15:33:00 2011
Yeah, it was just a newer version, a beta to be exact.
And cats are the same for both Linux and Windows.
done with 0.08
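
The repro from the thread as an added Python example (not written by any poster and not hashcat code): it applies a small subset of hashcat rule functions to a wordlist, flags every candidate longer than the 15-character limit reported above, and shows that the truncated candidate no longer hashes to the target. The contents of dup.rule are not shown on the page, so the rules `:` and `d` are an assumption, as are the function names `apply_rule` and `preflight`.

```python
import hashlib

MAX_LEN = 15  # candidate length limit reported in the thread

def apply_rule(rule, word):
    """Apply a small subset of hashcat rule functions to one word."""
    out, i = word, 0
    while i < len(rule):
        op = rule[i]
        if op == "d":                      # duplicate the whole word
            out += out
        elif op == "r":                    # reverse
            out = out[::-1]
        elif op == "u":                    # uppercase all
            out = out.upper()
        elif op == "l":                    # lowercase all
            out = out.lower()
        elif op == "c":                    # capitalize first, lowercase rest
            out = out[:1].upper() + out[1:].lower()
        elif op in ("$", "^"):             # append / prepend next character
            i += 1
            if i >= len(rule):
                raise ValueError(f"rule {rule!r} ends after {op!r}")
            out = out + rule[i] if op == "$" else rule[i] + out
        elif op not in (":", " "):         # ':' is a no-op, spaces separate
            raise ValueError(f"unsupported rule function {op!r}")
        i += 1
    return out

def preflight(words, rules, target_md5, max_len=MAX_LEN):
    """List candidates that exceed max_len and what truncation does to them."""
    report = []
    for word in words:
        for rule in rules:
            cand = apply_rule(rule, word)
            if len(cand) > max_len:
                md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
                report.append({
                    "rule": rule, "candidate": cand, "length": len(cand),
                    "full_matches": md5(cand) == target_md5,
                    "truncated_matches": md5(cand[:max_len]) == target_md5,
                })
    return report

# Constructed input mirroring the thread; dup.rule contents are assumed.
TARGET = hashlib.md5(b"admin123admin123").hexdigest()
if __name__ == "__main__":
    for row in preflight(["admin123"], [":", "d"], TARGET):
        print(row)
```

Any row with `full_matches` true and `truncated_matches` false is a password that a run with this length cap reports as "Exhausted" even though the wordlist and rules cover it.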