It looks like something's wrong with m4510 and m4710
#4
actually, looking at this problem more carefully, I see that you are right and that there could actually be a little problem here.

I was actually thinking about a completely different algorithm,,, but the correct ones are:
Code:
-m 4510 = sha1(sha1($pass).$salt)
-m 4710 = sha1(md5($pass).$salt)

I was thinking about a combination of salt and password concatenated like this:
Code:
$salt . $pass

or

$pass . $salt

but this is not the case for -m 4510, nor for -m 4710 (no total length of salt + length of pass)


The max length within the tests seem also to be wrong
tools/test_modules/m04510.pm
and
tools/test_modules/m04710.pm
should have completely different limits, because for one the internal hashing algorithm is md5, but for the other it's sha1 (so the [0, 15] for the "module_constraints" in the 4710 test unit makes absolutely no sense, it should be 55 - 32, where 32 is the output length of a hexadecimal MD5 hash).... but even this limit is odd/wrong if (as you also say correctly) we have the branch that supports longer salts (for both modes, 4510/4710, the salt is appended to the inner hash output).

Could you please report this on github (https://github.com/hashcat/hashcat/issues) ? we actually have 2 problems here, one is that the test units are wrong and test all lengths correctly and the other problem seems that the branch that would allow longer lengths doesn't work (this needs to be verified/debugged, please also add an example hash/pass to the github issue)
Thank you
Reply


Messages In This Thread
RE: It looks like something's wrong with m4510 and m4710 - by philsmd - 11-08-2021, 06:21 PM