md5(salt.pass) troubles and tricks

[d0znpp]

Finally found:

http://hashcat.net/wiki/mask_attack

Optimized due its partially reverse algorithms, password candidates are generated in the following order:

aaaaaaaa
aaaabaaa
aaaacaaa
.
.
.
aaaaxzzz
aaaayzzz
aaaazzzz
baaaaaaa
baaabaaa
baaacaaa
.
.
.
baaaxzzz
baaayzzz
baaazzzz
.
.
.
zzzzzzzz

[epixoip]

You can also use attack mode 6 (dict + mask) with oclhashcat-plus and use the salts as a dictionary.

[atom]

new plus will support generic md5(salt.pass)

[d0znpp]

Thx... and you can guide the timing of the release of new version?
I would also like to become a beta tester, if possible

[atom]

Become a beta-tester is OK, all you need to do is to send me a test-plan. This ensures you are not trying to become a beta-tester so you have the new algorithms earlier. Otherwise just wait for the new release.

[d0znpp]

And what about ordering?
Test case

Code:

md5(str_repeat('a',16))=='23ca472302f49b3ea5592b146a312da0'

Testing

Code:

./oclHashcat-lite64.bin -m 0 23ca472302f49b3ea5592b146a312da0 -1 abcde ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 --pw-min 16 -s 120544432500
false (pass not found)

./oclHashcat-lite64.bin -m 0 23ca472302f49b3ea5592b146a312da0 -1 abcde ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 --pw-min 16 -s 120544432499
true (pass found)

What about wiki? It is wrong as i see:

Optimized due its partially reverse algorithms, password candidates are generated in the following order:

aaaaaaaa
aaaabaaa
aaaacaaa
.
.
.
aaaaxzzz
aaaayzzz
aaaazzzz
baaaaaaa
baaabaaa
baaacaaa
.
.
.
baaaxzzz
baaayzzz
baaazzzz
.
.
.
zzzzzzzz

Fuzzing table:

Code:

pass                       pos
aaaaaaaaaaaaaaab   90026854375
aaaaaaaaaaaabaaa   116638182500
aaaaaaaacaaaaaaa   120537791875
aaaaaaaabaaaaaaa   120538182500
aaaaaaaaaaaaaaaa   120544432500

[atom]

will latest version markov kicked in and changed everything. you can try --markov-disable. the wiki needs to be updated, that is true

[d0znpp]

will latest version markov kicked in and changed everything. you can try --markov-disable. the wiki needs to be updated, that is true

and what is order with the --markov-disable option?

Because aaaaaaaaaaaaaaaa is not first in order, but 625 AND (!!!) 152587890255 . Why?!

Code:

./oclHashcat-lite64.bin -m 0 23ca472302f49b3ea5592b146a312da0 -1 abcde ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 --pw-min 16 --markov-disable -s 624
oclHashcat-lite v0.10 by atom starting...

Password lengths range: 16 - 55
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 1024MB, 830Mhz, 24MCU
Device #2: Cayman, 1024MB, 830Mhz, 24MCU

                                    
23ca472302f49b3ea5592b146a312da0:aaaaaaaaaaaaaaaa

Status.......: Cracked
Hash.Target..: 23ca472302f49b3ea5592b146a312da0
Hash.Type....: MD5
Time.Running.: 0 secs
Time.Left....: 17 secs
Plain.Mask...: ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
Plain.Text...: ****ccaeaaaaaaaa
Plain.Length.: 16
Progress.....: 125829120/152587890625 (0.08%)

Code:

./oclHashcat-lite64.bin -m 0 23ca472302f49b3ea5592b146a312da0 -1 abcde ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 --pw-min 16 --markov-disable -s 152587890255
oclHashcat-lite v0.10 by atom starting...

Password lengths range: 16 - 55
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 1024MB, 830Mhz, 24MCU
Device #2: Cayman, 1024MB, 830Mhz, 24MCU

                                    
23ca472302f49b3ea5592b146a312da0:aaaaaaaaaaaaaaaa

Status.......: Cracked
Hash.Target..: 23ca472302f49b3ea5592b146a312da0
Hash.Type....: MD5
Time.Running.: 0 secs
Time.Left....: 0 secs
Plain.Mask...: ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
Plain.Text...: ****abacaaaaaaaa
Plain.Length.: 16
Progress.....: 152587890256/152587890625 (100.00%)

[pragmatic]

new plus will support generic md5(salt.pass)

Great news, thanks atom! Does this include the sha families as well? I've been needing a sha256(salt.pass) for a while so this would be awesome whenever it comes.

[atom]

yes