Two hashes one result - why? - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html) +--- Thread: Two hashes one result - why? (/thread-4153.html) |
Two hashes one result - why? - agoago - 03-04-2015 I got two hashes hash number 1: Code: $ml$26246$87487bb03941a7d1e702cc54ee81e7f61e5e46f554b47677279a59185baaba5f$4b98bb3ebefd1c7195aa991916b7d7e683e992fd9a9d1355533456d62bad58c1ccc0380351252b5215a3b064dd9fa00513566db80a297858473828882305b8ce hash number 2: Code: $ml$26246$87487bb03941a7d1e702cc54ee81e7f61e5e46f554b47677279a59185baaba5f$4b98bb3ebefd1c7195aa991916b7d7e683e992fd9a9d1355533456d62bad58c1ccc0380351252b5215a3b064dd9fa00513566db80a297858473828882305b8ce0437f57d7b9da19fe19d2384d7221d7e8264a6f035562ab1937b57948856eff531f60777ee5f71aa3507cc5b71caee7cf39b914623230e7f844401cb29f6df84 Both produce the same password. How is it possible? RE: Two hashes one result - why? - undeath - 03-04-2015 they are salted and seemingly even different algorithms judging from the size. RE: Two hashes one result - why? - atom - 03-04-2015 it's the same hash: 87487bb03941a7d1e702cc54ee81e7f61e5e46f554b47677279a59185baaba5f and the same salt (only first 512 bit matter) 4b98bb3ebefd1c7195aa991916b7d7e683e992fd9a9d1355533456d62bad58c1 and the same iteration count. RE: Two hashes one result - why? - agoago - 03-04-2015 I know it same salt and same iteration. But hash is different. One is much longer than another. RE: Two hashes one result - why? - atom - 03-04-2015 They are not RE: Two hashes one result - why? - agoago - 03-04-2015 well I guess there is more about hashing I need to learn. RE: Two hashes one result - why? - philsmd - 03-04-2015 There is not much you need to learn here. It is very simple. OS X v10.8+ (-m 7100) uses PBKDF2, which allows to have a variable output (digest/hash) length. oclHashcat doesn't care much about this hash length (it could be very long, or just the minimum length), but the only thing to know is that given the same password and salt you will end up with the same hash (which you could extend in length or not). But why would one care about the length, if oclHashcat did find the correct password and hence the hash was cracked everything is fine. So why should/would oclHashcat try to distiguish them if they are identical (except the output size)? |