Thank you for your reply and for checking this 
I've mistyped the salt. i was copying it manually from my linux box. Sorry for that.
Check again my edited post with updated data.
Any attack you say? At least hashcat is throwing the line lenght exception because of custom salt lenght that don't match other known hashing methods.
Correct me if iÄ…Ä…m wrong.
I've mistyped the salt. i was copying it manually from my linux box. Sorry for that.
Check again my edited post with updated data.
Any attack you say? At least hashcat is throwing the line lenght exception because of custom salt lenght that don't match other known hashing methods.
Correct me if iÄ…Ä…m wrong.
(04-10-2012, 10:18 PM)oxaners Wrote: Any attack on md5($salt.$pass) that prepends ?s should crack this if I understand your algorithm correctly. Essentially you are just prepending "/" to everyone's passwords, then calculating the md5($salt.$pass). If an attacker knows this is the algorithm (they would probably see the pattern after a few results with "/" prepended), they could just prepend the "/" to every string in their dictionary (as long as the password is in their dictionary already as a whole or only needs mangling/appending).
I'm not coming up with the same hash as you for this though, your example should end up being md5( VTw10NR/password ) which I calculate to be 75f10ef81001f0f1e1f90008a69bd409, so maybe I'm missing something?