hashcat Forum

hashcat Forum > Misc > General Talk > MySQL323
Full Version: MySQL323
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Keeper.

03-07-2014, 11:44 PM
Greetings,

So I was wondering what is really behind the older version of MySQL's hashing algorithm - MySQL 4.1.0? As of MySQL 4.1.1 it's clear that it is sha1(unhex(sha1($pass))) producing a 41-byte string but what about the one that produces a 16-byte string?

Also, why does it have multiple possible plaintext values?

Hope this hasn't been discussed before since I didn't bother to check.

magnum

03-08-2014, 12:38 AM
It's a custom hash function. Like most other home-brewn hash functions it has serious flaws for this use. This is a reason you see many hash collisions.

Another reason is simply the fact that the output is as short as 64 bits. Regardless of the quality of a hash function, if it has n bits of output it is simply bound to have at least one hash collision for 2ⁿ+1 inputs.

epixoip

03-08-2014, 09:45 AM
http://tobtu.com/mysql323.php
http://tobtu.com/mysql323code.php
hashcat Forum > Misc > General Talk > MySQL323