Collision or Wrong Hash Type? - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: Collision or Wrong Hash Type? (/thread-2097.html) |
Collision or Wrong Hash Type? - baglock - 02-24-2013 I've been working with rules and options on Hashcat-plus trying to get smarter on how they function. In an effort to get some real-world hashes, I grabbed one of the recent pastebin dumps (which shall remain nameless unless requested). They were described as "unsalted MD5" so I ran them against -m 0 using d3ad0ne.rule and a multi-gigabyte wordlist. This resulted in many of the hashes returning what appear to be random, six-character plain text solutions. I have no way of knowing if these are correct, but given the results of some successful attempts on other hash dumps, I don't think they are real solutions. I guess they could be real, randomly generated plain text but I find it odd that they are all exactly (only) six characters. And there are no non-random-looking solutions in the set. I tried -m 500 and that didn't like the hashes at all. -m 2600 ran but didn't return any solutions; I didn't let it run extensively. Any guesses on whether these are real, are simply collisions for basic MD5, or do I have the wrong hash type? RE: Collision or Wrong Hash Type? - epixoip - 02-24-2013 they are certainly not collisions. you cannot generate an md5 collision with only 6 bytes of input data. you need at least 64 bytes. and if you are cracking hashes, then you certainly have the right algorithm. what you probably found is a fake dump. they are not uncommon, especially among the anonymous types. they claim to have hacked something, use a random password generator to create a few thousand fake hashes, and throw it up on pastebin as "proof" of their hack. have a look at http://thenextweb.com/insider/2012/07/19/data-from-the-anonymous-attack-on-oil-companies-may-have-been-faked/ RE: Collision or Wrong Hash Type? - baglock - 02-24-2013 (02-24-2013, 07:37 PM)epixoip Wrote: what you probably found is a fake dump. they are not uncommon, especially among the anonymous types. <sigh> Well that explains it. Usually my Google fu would have led me to that but I didn't even think to start digging. Oy. Thanks man. |