hashcat Forum

Full Version: SHA1 - Unable to use MD5 as a password
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Is it correct functionality of hashcat that a password of 32 characters (MD5) cannot be used for SHA1 in hashcat?

I was trying to use md5's as potential passwords but found this limitation. Passwords of 31 characters are OK.

Is there any way around this?
First, the limit on 31 is not true for all cases, there's ways to support up to 55: https://hashcat.net/wiki/doku.php?id=fre...ord_length

Anyway, to crack the supposed algorithm, use -m 4700 not -m 100
Well if I understood your 1st post right you want to crack a SHA-1 hash which in plaintext is a 32 char long hex-string right?
You would have to use the attackmode 1 which is combinator, in this mode your plaintext can go up to 55 chars, as atom already linked.
EDIT:
(06-23-2016, 02:16 PM)zeroprobe Wrote: [ -> ]I split my MD5's in the middle.

Combination won't work, too many combinations. I got mixed up.

Is there any way to use a wordlist of md5 hashes as passwords for a SHA1?
What if you take your MD5s, chop off the last character, and then use combinator to out it back on? Slow, but faster than anything else.
why don't you just use -m 4700
(06-25-2016, 10:52 AM)atom Wrote: [ -> ]why don't you just use -m 4700

Doesn't seem to crack with 4700. However taking off 1 character of the md5 password allows it.

Are you able to test? Do you have the same issue.
see here:

Code:
root@ht:~/hashcat# echo -n test | md5sum                                                              
098f6bcd4621d373cade4e832627b4f6  -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a  -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#
(06-26-2016, 10:14 AM)atom Wrote: [ -> ]see here:

Code:
root@ht:~/hashcat# echo -n test | md5sum                                                              
098f6bcd4621d373cade4e832627b4f6  -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a  -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#

I understand now, hashcat will do the real time conversion of the passwords to MD5 to use against the SHA1.

I was using password lists of MD5s.