Long base passwords
#1
Hello all,

I'm having some trouble cracking some passwords that have a long static base string followed by unknown characters. For instance a password scheme like:

ThisPartIsAlwaysTheSame
ThisPartIsAlwaysTheSame1
ThisPartIsAlwaysTheSame!
ThisPartIsAlwaysTheSame1234
ThisPartIsAlwaysTheSame123456
ThisPartIsAlwaysTheSame1@E$56
ThisPartIsAlwaysTheSameVanessa

I'm invoking as follows (this run's hash is ThisPartIsAlwaysTheSame1234):

C:\Crack\oclHashcat-lite-0.10>oclHashcat-lite64.exe -m 1000 C88C5A5162DE00A89E78A6265C4C0AAB ThisPartIsAlwaysTheSame?a?a?a?a?a?a --pw-min=23 --pw-max=40
oclHashcat-lite v0.10 by atom starting...

Password lengths range: 23 - 40
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 2048MB, 880Mhz, 24MCU
Device #2: Cayman, 2048MB, 880Mhz, 24MCU


c88c5a5162de00a89e78a6265c4c0aab:ThisPartIsAlwaysTheSame1234

Status.......: Cracked
Hash.Target..: c88c5a5162de00a89e78a6265c4c0aab
Hash.Type....: NTLM
Time.Running.: 0 secs
Time.Left....: 0 secs
Plain.Mask...: ThisPartIsAlwaysTheSame?a?a?a?a
Plain.Text...: **isPartIsAlwaysTheSame4\\4
Plain.Length.: 27
Progress.....: 17694720/81450625 (21.72%)
Speed.GPU.#1.: 117.0M/s
Speed.GPU.#2.: 117.4M/s
Speed.GPU.#*.: 234.4M/s
HWMon.GPU.#1.: 0% Util, 69c Temp, 32% Fan
HWMon.GPU.#2.: 0% Util, 69c Temp, 32% Fan

Started: Sat Nov 03 16:39:51 2012
Stopped: Sat Nov 03 16:39:53 2012

This works great until I get over a password length of 27, at which point it seems to truncate what I've asked for.

Invoking with hash for ThisPartIsAlwaysTheSame123456:

C:\Crack\oclHashcat-lite-0.10>oclHashcat-lite64.exe -m 1000 2056CE87BA07FD7F40A5A5C49A1A5873 ThisPartIsAlwaysTheSame?a?a?a?a?a?a --pw-min=23 --pw-max=40
oclHashcat-lite v0.10 by atom starting...

Password lengths range: 23 - 40
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 2048MB, 880Mhz, 24MCU
Device #2: Cayman, 2048MB, 880Mhz, 24MCU

[s]tatus [p]ause [r]esume [q]uit =>
Status.......: Exhausted
Hash.Target..: 2056ce87ba07fd7f40a5a5c49a1a5873
Hash.Type....: NTLM
Time.Running.: 0 secs
Time.Left....: 0 secs
Plain.Mask...: ThisPartIsAlwaysTheSame?a?a?a?a
Plain.Text...: **isPartIsAlwaysTheSame
Plain.Length.: 27
Progress.....: 81450625/81450625 (100.00%)
Speed.GPU.#1.: 117.7M/s
Speed.GPU.#2.: 118.8M/s
Speed.GPU.#*.: 236.5M/s
HWMon.GPU.#1.: 0% Util, 70c Temp, 32% Fan
HWMon.GPU.#2.: 0% Util, 70c Temp, 32% Fan

Started: Sat Nov 03 16:43:16 2012
Stopped: Sat Nov 03 16:43:18 2012

It gives up at ThisPartIsAlwaysTheSame?a?a?a?a without processing the full mask specified.

Do I need a specific switch to get it to go beyond a length of 27, or is there a bug here?
#2
most ntlm implementations only implement one block of md4, which limits the key to 27 characters. while i'm sure atom's implementation differs from this, you can see an example of this algorithm at http://openwall.info/wiki/john/NTLM
#3
Very interesting, and as it turns out there is a wiki page that calls this out specifically:

http://hashcat.net/wiki/doku.php?id=oclhashcat_lite

PHP Code:
Hash-Type        min length        max length
NTLM                1                27 

Does Windows itself share this limitation or is it just a common simplification among other implementations? Obviously I can test; I just figured someone might know offhand.
#4
Windows doesn't share this implementation, no. This implementation is oriented toward performance. You can get more performance if you make certain assumptions, like e.g. the password is less than 28 chars.
#5
The technical reason behind this is that NTLM is a Unicode version of MD4. After the conversion, each input doubles in size. For example the word "password" becomes the size 16.

A single MD4 transformation is limited to the size 64 (block) - 8 (64 bit length) - 1 (stopbit) = 55. Now this explains why you can have only 27 chars in NTLM -> 27 * 2 = 54, but 28 * 2 = 56, which is too long.
#6
Gotcha, this would push it into the next block which requires another transform while keeping internal state, etc.

At least in a situation where a lot of the guesses are in the second block you could compute the first block once and save yourself from having to do it again for the rest of the guesses using that first block. That said I can imagine that putting in the code to handle multiple blocks in the first place could slow down what must be by far the most common case of correctly assuming one block.
#7
That is right, but it requires that the password (including salt) is at least of size 64.
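Added example (not part of any post in this thread, and not hashcat's code): a plain-Python MD4 that shows the one-block limit described in post #5 and the cached-first-block idea from posts #6 and #7. The function names and any base string other than the thread's own are assumptions made for illustration.

```python
import struct
# Added illustration, not hashcat code; all function names here are hypothetical.
MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
ROUNDS = (  # (boolean function, additive constant, word order, rotations)
    (lambda b, c, d: (b & c) | (~b & d), 0, list(range(16)), (3, 7, 11, 19)),
    (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999,
     [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
    (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1,
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
)

def md4_compress(state, block):
    """One MD4 transformation: mix a single 64-byte block into the state."""
    x, h = struct.unpack("<16I", block), list(state)
    for f, k, order, shifts in ROUNDS:
        for i, xi in enumerate(order):
            a, b, c, d = h
            t = (a + f(b, c, d) + x[xi] + k) & MASK
            s = shifts[i % 4]
            h = [d, ((t << s) | (t >> (32 - s))) & MASK, b, c]
    return tuple((s + v) & MASK for s, v in zip(state, h))

def md4_finish(state, tail, total_len):
    """Pad the unprocessed tail (stop bit, zeros, 64-bit bit length) and hash it."""
    data = tail + b"\x80" + b"\x00" * ((55 - total_len) % 64)
    data += struct.pack("<Q", total_len * 8)
    for off in range(0, len(data), 64):
        state = md4_compress(state, data[off:off + 64])
    return struct.pack("<4I", *state).hex()

def ntlm(password):
    raw = password.encode("utf-16-le")  # two bytes per character
    return md4_finish(IV, raw, len(raw))

def blocks_needed(password):
    return (len(password.encode("utf-16-le")) + 9 + 63) // 64  # +1 stop byte, +8 length

def ntlm_with_cached_prefix(base, suffixes):
    """Hash base+suffix for each suffix, compressing full blocks of base only once."""
    raw, state = base.encode("utf-16-le"), IV
    cut = len(raw) // 64 * 64  # only whole 64-byte blocks can be cached
    for off in range(0, cut, 64):
        state = md4_compress(state, raw[off:off + 64])
    hashes = {}
    for s in suffixes:
        tail = raw[cut:] + s.encode("utf-16-le")
        hashes[base + s] = md4_finish(state, tail, cut + len(tail))
    return hashes, cut // 64
```

With the thread's 23-character base (46 bytes as UTF-16LE) the second return value is 0, so nothing can be cached; a base of 32 or more characters fills at least one whole block.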
#8
One more question on max lengths...

For oclhashcat-lite there is that great table that shows all the max lengths on its wiki page.
For oclhashcat-plus the wiki states that all algorithms are capped at 15.
The hashcat wiki on the other hand does not mention any cap and the "Limitations" section says "None." However, by experimentation it is clear there are length caps on hashcat as well.

Would it be possible to update the hashcat wiki with a max length table like the one in the oclhashcat-lite page? These variations in length support without documentation can lead to confusion. I understand there are good reasons for these limitations as the above thread discussed, but I think it would be valuable to document them.

A few I've noticed:
NTLM 27
MD5 55
md5crack 15
#9
Sounds reasonable. Anyone from the wiki maintainers, please copy the table from oclHashcat and adjust using the following maximum lengths:

Code:
#define PLAIN_SIZE_MD5            55
#define PLAIN_SIZE_SHA1           55
#define PLAIN_SIZE_MYSQL          55
#define PLAIN_SIZE_PHPASS         55
#define PLAIN_SIZE_MD5UNIX        16
#define PLAIN_SIZE_SHA1B64        55
#define PLAIN_SIZE_SHA1B64S       55
#define PLAIN_SIZE_SHA1DJ         55
#define PLAIN_SIZE_MD4            55
#define PLAIN_SIZE_DCC            55
#define PLAIN_SIZE_MD5CHAP        55
#define PLAIN_SIZE_MSSQL          55
#define PLAIN_SIZE_SHA256         55
#define PLAIN_SIZE_MD5APR         16
#define PLAIN_SIZE_SHA512         55
#define PLAIN_SIZE_SHA512UNIX     14
#define PLAIN_SIZE_STDOUT         55
#define PLAIN_SIZE_MD5SUN         55
#define PLAIN_SIZE_OSX1           55
#define PLAIN_SIZE_OSX512         55
#define PLAIN_SIZE_MSSQL2012      55
#define PLAIN_SIZE_DESCRYPT       8
#define PLAIN_SIZE_KECCAK         55
#define PLAIN_SIZE_EPI            55