(05-10-2014, 04:44 AM)Xanadrel Wrote: You perfectly said it, the obvious answer is : the salt.
'1234' is the salt appended to the hash with the ':' as separator.
(If you don't specify it, hashcat won't guess it by itself)
Thank you for the reply.
It's an interesting lead, but leaves me with further questions.
In the wiki example, how does the salt factor in? As the password is "hashcat" is the hex before the ':' separator equal to md5(1234.hashcat.1234)? Is that correct?
In that case, what about two different salts (salt1 and salt2, as it were)? At the moment I am specifically looking at the authentication in a router, where the salt shows up in JSON format (\111\330\ etc.), which I can convert to UTF-8 or hex. The salt(s) change with each password attempt, but I can view the salt(s) that belong with a given hash.
Converting the JSON format salt to hex gives me a total of another 34 bits (salt1=2 bits, salt2=32). Much more than four digits (i.e. 1234)! Given that the wiki examples are indicative of exact appropriate lengths, it seems like the salt in this case must be four digits long.
Am I thinking about salts all wrong? I thought I had a pretty good grasp on this, but a four-digit salt here doesn't fit with what I thought I understood.
Thanks again.