Posts: 11
Threads: 3
Joined: Sep 2012
Hi guys,
I was recently auditing some md5crypt ($1) Unix hashes on CentOS. For dictionary entries size 1-15 I was using oclHashcatplus, while for bigger ones I was using hashcat 0.41, since I've read here that hashcat 0.41, the CPU version, has much higher password limits (55).
I was extremely surprised to discover that for -m 500 (md5crypt), even in hashcat 0.41, the limit is still 16 chars.
Can somebody please confirm / infirm this?
Thanks,
Paul
Posts: 5,185
Threads: 230
Joined: Apr 2010
11-22-2012, 10:46 AM
(This post was last modified: 11-22-2012, 10:46 AM by atom.)
md5crypt works only up to length 16. That's true also in hashcat cpu.
Posts: 11
Threads: 3
Joined: Sep 2012
Hi atom,
Thanks for the reply.
Would it be hard to increase the limit to 32? I think that with hashcat CPU, the speed is not the most important thing.
You could first try passwords sized 1-15 with oclHashcatplus, then for higher lengths, at least you could try them with the CPU.
Thanks,
P
(11-22-2012, 10:46 AM)atom Wrote: md5crypt works only up to length 16. That's true also in hashcat cpu.
Posts: 105
Threads: 23
Joined: Apr 2012
As someone who's been running into length limitations lately, I would greatly appreciate longer length support. I appreciate the intent on speed for oclhashcat-*, but having an option that supports full length (or at least longer length) passwords would be huge.
paul6990's suggestion of starting with the ocl suite and then moving to CPU for the longer ones seems like a reasonable compromise.
Posts: 5,185
Threads: 230
Joined: Apr 2010
You know how high the chances are that you find passwords of length 16 and more?
Posts: 105
Threads: 23
Joined: Apr 2012
(11-26-2012, 11:18 AM)atom Wrote: You know how high the chances are that you find passwords of length 16 and more?
I don't, because I can't crack them right now to know.
Okay, I can, but it's much, much slower.
Your point is well taken; however, I do run into situations where there are password schemes (say, company name prefixes or the like) or quotes being used ("tear down this wall!", "my kingdom for a horse!", etc.).
Clearly, for the normal user of this tool this won't come up that often, so while I care about it, I would also understand if you didn't care much.