SHA1 with long salt - alternatives?

SHA1 with long salt - alternatives? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: SHA1 with long salt - alternatives? (/thread-3296.html)

SHA1 with long salt - alternatives? - ockraren - 04-11-2014

Hi,

I have a number of salted SHA1 hashes that i'm trying to crack with oclhashcat. The salt is known to me.

Quote:Hash function: SHA1
Mode: 120 = sha1($salt.$pass)
Salt length = 45 characters
AMD HD 7800

When I run the application it does not find a match even though I know that the dictionary contain the correct passwords. The application does not display an error message about salt:hash lines being to long although it finds matches the salt is shortened.

My first question is whether it is true that the salt:hash line cant be any longer than 55 characters (or around there)? Are there any workarounds?

I understand that you are not looking to increase the length of the salt:hash line any time soon since it will have an adverse effect on the speed in general. My second question is therefore if you have any suggestions on other software or techniques suitable for this task. Im looking for a solution that can utilize the GPU of my computer.

Thanks in advance
/O

RE: SHA1 with long salt - alternatives? - undeath - 04-13-2014

it's not the length of hash Confused

alt that matters but salt+password length with is restricted to 55 chars. For longer combinations you can try jtr.

RE: SHA1 with long salt - alternatives? - ockraren - 04-14-2014

Thank you for your reply.

If the restriction is 55 characters for salt+password then I should be fine. However, oclhashcat does not find any of my passwords with a 45 character long salt.

To make an example, I have the password bubbaloo, of which I have made two hashes. The hashes each have different salts.

This is the hashfile:

9f3a76b19306930a84f530c8a5c26ee3230c7da4:fEPjA41CNVq6qTfxz4E4fFhcY3iMnrvi8CSy6xQ1SBgty
762d62203db3103cc98e9f2b9b2d9930a237802c:12

The password is in my dictionary (it's the only word). Oclhashcat finds only the second password. Any suggestions as to why?

RE: SHA1 with long salt - alternatives? - tibit - 04-14-2014

As undeath wrote:
[salt+password length with is restricted to 55 chars]

Seems that your Hash+salt is 85 characters: (too long)
9f3a76b19306930a84f530c8a5c26ee3230c7da4:fEPjA41CNVq6qTfxz4E4fFhcY3iMnrvi8CSy6xQâ€‹1SBgty

RE: SHA1 with long salt - alternatives? - atom - 04-14-2014

there are many restrictions.

one is that pass + salt can not be longer than 55
but there is another one both pass or salt can not be longer than 32

RE: SHA1 with long salt - alternatives? - ockraren - 04-15-2014

Thank you both for the clarifications.