Custom password separator in md5($salt.$pass)
#1
Hi.

First of all i'd like to say hello to everybody on this forum as i just got registered.
Second: thanks for such a powerful tool, i'm amazed by it's speed and possibilities Smile
Third: it made me think on the way to protect my hashes and salts from being cracked with this tool.

My question is if can i still use hashcat to crack a password if a random 8 char salt and password variables in php md5() function are separed by a custom character? To make it clearer take a look at this piece of code:

$chars = array_merge(range("a", "z"), range('A', 'Z'), range(0, 9));
shuffle($chars);
$randomChars = array_slice($chars, 0, 8);
$salt = join("", $randomChars);
const SEPARATOR = "/";
$password = "password"
$hash = md5($salt.$separator.$password);

It looks like osCommerce hasher but it's different. The result will be a 32 char hash and a 8 char salt. I need to keep the salt toghether with hash in my db for password comparision in future user login. The example result hashConfusedalt will be like this:
835288cd206223ad81eb78d4dc225823:aVTwl0NR for password "password" and "aVTwl0NR" random 8 char sat.

I've checked all hashcat's algorithms and none worked. Will it eliminate the possibility of crack my password with standard cracking tools available?

Anybody able to crack this password?

I hope i explained myself good enough despite my english.


Messages In This Thread
Custom password separator in md5($salt.$pass) - by dodg3r - 04-10-2012, 09:57 PM