Collision or Wrong Hash Type?
#1
I've been working with rules and options on Hashcat-plus trying to get smarter on how they function. In an effort to get some real-world hashes, I grabbed one of the recent pastebin dumps (which shall remain nameless unless requested). They were described as "unsalted MD5" so I ran them against -m 0 using d3ad0ne.rule and a multi-gigabyte wordlist.

This resulted in many of the hashes returning what appear to be random, six-character plain text solutions. I have no way of knowing if these are correct, but given the results of some successful attempts on other hash dumps, I don't think they are real solutions. I guess they could be real, randomly generated plain text but I find it odd that they are all exactly (only) six characters. And there are no non-random-looking solutions in the set.

I tried -m 500 and that didn't like the hashes at all. -m 2600 ran but didn't return any solutions; I didn't let it run extensively.

Any guesses on whether these are real, are simply collisions for basic MD5, or do I have the wrong hash type?
#2
they are certainly not collisions. you cannot generate an md5 collision with only 6 bytes of input data. you need at least 64 bytes. and if you are cracking hashes, then you certainly have the right algorithm.

what you probably found is a fake dump. they are not uncommon, especially among the anonymous types. they claim to have hacked something, use a random password generator to create a few thousand fake hashes, and throw it up on pastebin as "proof" of their hack.

have a look at http://thenextweb.com/insider/2012/07/19...een-faked/
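A check for the situation in this thread, as an added example that is not part of the original posts: it confirms that each recovered plaintext really hashes to its listed MD5 (so the hash type is right and no collision is involved), then profiles the plaintexts for the uniform-length, random-looking pattern described above. The `hash:plain` input layout, the `$HEX[...]` handling, the sample data and the thresholds are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

def parse_potfile(lines):
    """Yield (md5_hex, plaintext_bytes) from 'hash:plain' lines."""
    for line in lines:
        digest, sep, plain = line.rstrip("\n").partition(":")  # plain may contain ':'
        if not sep:
            continue
        if plain.startswith("$HEX[") and plain.endswith("]"):
            raw = bytes.fromhex(plain[5:-1])  # hex-wrapped plaintext
        else:
            raw = plain.encode("utf-8")
        yield digest.lower(), raw

def mismatches(pairs):
    """Return the pairs whose plaintext does NOT hash to the listed MD5."""
    return [(d, p) for d, p in pairs if hashlib.md5(p).hexdigest() != d]

def mixed(p):
    """True if the plaintext mixes lower case, upper case and digits."""
    s = p.decode("utf-8", "replace")
    return (any(c.islower() for c in s) and any(c.isupper() for c in s)
            and any(c.isdigit() for c in s))

def profile(plains, min_share=0.9, min_mixed=0.5):
    """Length and character-class profile; thresholds are illustrative assumptions."""
    length, count = Counter(len(p) for p in plains).most_common(1)[0]
    share = count / len(plains)
    mixed_share = sum(mixed(p) for p in plains) / len(plains)
    return {"dominant_length": length, "length_share": share,
            "mixed_share": mixed_share,
            "looks_generated": share >= min_share and mixed_share >= min_mixed}

def potline(plain):
    """Build one constructed 'hash:plain' line."""
    return hashlib.md5(plain.encode()).hexdigest() + ":" + plain

# Constructed sample data, not taken from any real dump.
SUSPECT = [potline(p) for p in ["qX7bTz", "m2KpLw", "Zr9dQe", "t5HvNc", "Ab3xYk", "pL8mWs"]]
HUMAN = [potline(p) for p in ["password1", "letmein", "dragon", "Summer2012", "qwerty", "iloveyou"]]
BAD = ["0" * 32 + ":abc123"]                                  # plaintext does not match hash
HEX_LINE = [hashlib.md5(b"a:b").hexdigest() + ":$HEX[613a62]"]  # encodes b"a:b"

if __name__ == "__main__":
    for name, lines in (("suspect", SUSPECT), ("human", HUMAN)):
        pairs = list(parse_potfile(lines))
        print(name, "mismatches:", len(mismatches(pairs)), profile([p for _, p in pairs]))
```

An empty mismatch list together with `looks_generated` being true is the pattern from this thread: correct algorithm, genuine MD5 matches, but plaintexts that look machine-generated.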
#3
(02-24-2013, 07:37 PM)epixoip Wrote: what you probably found is a fake dump. they are not uncommon, especially among the anonymous types.

<sigh>
Well that explains it. Usually my Google fu would have led me to that but I didn't even think to start digging. Oy.

Thanks man.