md5($salt.$pass) slower than md5($pass.$salt)
#2
The difference isn't that much for me in benchmarks and some real cracking sessions, but I agree that there is some difference.

The speed difference mainly comes from where the position of the password is. for "$pass . $salt" the password is always at offset 0, while for "$salt . $pass" the position/offset of the password is variable/"unknown"/flexible.
There are some other minor differences and of course especially -a 3 together with -O try to optimize things a lot.

Maybe you could give some more information on what you are trying to do and how your strategy is and we could probably give some clever tricks on how to optimize your attack from an user perspective (I guess you already try to set -w 3 and -O etc ?) .

It's also important to know how many hashes you are trying to crack.... and which attack mode you are using (-a 0 or -a 3 ?)
For instance, with dictionary attack and only one single hash, it could make sense to append/prepend the salt with rules etc ...

More info is always better to understand what exactly you are doing and to see if there is some room to improve your attack strategy
Reply


Messages In This Thread
RE: md5($salt.$pass) slower than md5($pass.$salt) - by philsmd - 07-13-2020, 08:30 AM