Help with long salt
#1
Hello, i have an hash that is:
md5(md5($salt).md5($pass)).
my problem is that the salt is 104 characters long, so Hashcat(win/ubuntu) and oclHashcat(win) with -m2811 complain for line length exception.
Now, since I know the salt I tought I could get the md5 of it and use mode 3710:
md5($salt.md5($pass))
But some tests with another generated hash indicates that hc doesn't recognize the hash so I won't be able to use mode 3710 instead of 2811.
I read in another post that max hashConfusedalt length is 55 for hashcat so I wanted to use oclHashcat, but I can't use it on ubuntu 13.10 (catalysts won't work), I can't use a legacy version of catalysts (and I can't find a compatibility match with Xserver, ubuntu, catalyst and linux kernel altogether) and can't use a legacy version of oclHashcat (because of the self-imposed timeout that forces me to update version..how ironic) and on windows version the hash mode 3710 simply is not included.
Is there a way to crack this hash?
Thanks in advance for every suggestion and advice.
#2
That's currently not supported, sorry.
#3
What about md5-hashing the salt then? Why can't I use -m3710 that way?
#4
Because that is not solving the problem. Then you are just making a hash of the salt. You cannot do what you want with hashcat.
#5
(03-11-2014, 08:42 PM)coolbry95 Wrote: Because that is not solving the problem. Then you are just making a hash of the salt. You cannot do what you want with hashcat.

read the first post again. That's actually what he needs.
#6
Sorry, I suck at explaining myself.. I try my best:
I have an hash and a long (104 chars) salt:
xx_md5_hash_xx:xx_very_long_salt_xx...
the format of this hash is md5(md5($salt).md5($pass)).
oclHashcat with -m2811 doesn't accept the salt because it's too long.
However, oclhashcat supports -m3710 that is md5($salt.md5($pass)).
If I do md5($salt) myself and use oclHashcat with -m3710 it should accept and crack it:
xx_same_hash_as_before_xx:xx_md5_of_long_salt_xx
however, when I tried it with a test hash generated by me in php it doesn't crack it.
That seems strange. I can post the code to generate and do the test if it helps.
If I am misundertanding the hash formats then please someone could explain what I am not understanding.
Thank you very much for the support, this is a great program.
#7
At least for older versions I remember 55 chars to be a limit. 2*md5 = 64 chars. Not sure if this still applies.
#8
(03-12-2014, 08:37 PM)undeath Wrote: At least for older versions I remember 55 chars to be a limit. 2*md5 = 64 chars. Not sure if this still applies.
Yep, It seems the case with the long salt and -m2811.
However HC with the md5($salt) and -m3710 doesn't throw a line length exception, it goes on trying to crack the hash, but it fails even if the correct password is in the wordlist.
#9
Why would it throw a line length exception? The hash is not overlong, the dictionary word is. It has to be truncated or rejected but that's anoher story.

Edit: Ah, yes it should be able to detect that the salt is too long.