+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: Long length salt problem (/thread-4910.html)
Long length salt problem - maintenance - 12-15-2015
Hi,
I'm trying to find a way to revert a password, I know the salt code and format:
SALT = GVph-------- 57 lenght salt -----------------erBB7Q0a
I know the PHP is storing passwords on the database using the same salt always, in this format:
<?php $pass = md5($salt . $input_password); ?>
$input_password is at least 5 alphanumeric.
so, the total length will start from 62.
the password should not be more then 8 chars length, but I can't run HashCat due to this limitation.
I've just made a test with a password I know, and hashcat was not able to find it.
RE: Long length salt problem - epixoip - 12-15-2015
Is there a question here?
RE: Long length salt problem - maintenance - 12-15-2015
(12-15-2015, 04:42 AM)epixoip Wrote: Is there a question here?
My fault.
Any chance to get HashCat to work with up to -- lets say -- 64 password+salt length?
When I use input format "md5 : salt" the HashCat don't even start, saying "line length exception".
I remove last 3 characters of the salt, and put in to the mask format: Q0a?d?d?d?d?d...
so Hashcat can start now, but don't find a password I already know, I think due to this limitation.
should hashcat at least warn if it is not working due to so long password? (this is another question).
Another suggestion that could work with this case?
I'm trying to make my own delphi app to this job.
RE: Long length salt problem - epixoip - 12-15-2015
hashcat's md5 implementation is optimized for a single block (up to 55 bytes). To go beyond this you need a generic multiblock implementation of md5.