+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: Is it a md5 colision ? (/thread-2228.html)
Pages:
1
2
RE: Is it a md5 colision ? - Incisive - 04-15-2013
Awesome job, philsmd!!!
Mem5, I would suggest you put in a Trac ticket with the outfile-format=7 results and philsmd's test cases, since outfile-format=7 should have shown something like the correct:
9a214e678ed4e501d1576326ce84b41c:elec@:656c65634000
7863783c727bc742d503f232f277e327:elec@:656c656340
instead of the clearly incorrect:
9a214e678ed4e501d1576326ce84b41c:elec@:656c656340
7863783c727bc742d503f232f277e327:elec@:656c656340
RE: Is it a md5 colision ? - atom - 04-15-2013
I agree, nice testing philsmd
RE: Is it a md5 colision ? - Mem5 - 04-19-2013
Ok, I'll open a TRAC. Thank you for your help.
Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!
RE: Is it a md5 colision ? - atom - 04-19-2013
No, you can not. But I've seen lots of hashlist examples where admins salting hashes with 0-bytes.
RE: Is it a md5 colision ? - Incisive - 04-19-2013
(04-19-2013, 07:51 AM)Mem5 Wrote: Ok, I'll open a TRAC. Thank you for your help.
Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!
Easy - just as an application can salt using any set of byte the programer likes, client applications can login using whatever set of byte values they care to send to the server application. Not all hashes come from data a human puts in via a keyboard at time of login!
Alternately, systems like Truecrypt and KeePass can use the contents of a binary file to generate a hash or part of a hash. Perhaps some other applications allow file-based entry.
I don't know enough about widgets like the Yubikey to know if it can do anything like that or not.
RE: Is it a md5 colision ? - philsmd - 06-01-2013
Trac ticket and further discussion about possible solutions are located here: https://hashcat.net/trac/ticket/154