hashcat Forum
MySQL323 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: MySQL323 (/thread-3210.html)

MySQL323 - Keeper. - 03-07-2014


So I was wondering what is really behind the older version of MySQL's hashing algorithm - MySQL 4.1.0? As of MySQL 4.1.1 it's clear that it is sha1(unhex(sha1($pass))) producing a 41-byte string but what about the one that produces a 16-byte string?

Also, why does it have multiple possible plaintext values?

Hope this hasn't been discussed before since I didn't bother to check.

RE: MySQL323 - magnum - 03-08-2014

It's a custom hash function. Like most other home-brewn hash functions it has serious flaws for this use. This is a reason you see many hash collisions.

Another reason is simply the fact that the output is as short as 64 bits. Regardless of the quality of a hash function, if it has n bits of output it is simply bound to have at least one hash collision for 2ⁿ+1 inputs.

RE: MySQL323 - epixoip - 03-08-2014