OclHashcat password length limitation?
(05-17-2010, 07:10 AM)mastercracker Wrote: Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?

nice try Smile

the current maximum length of a password that oclHashcat can find is 15. since you're combining two lists this requires at least one char per word. thats why oclHashcat skips all words in a wordlist/mask with a length < 1 or > 14. this limitation is based on a performance optimization. if i raise the limitation from 15 to 30 chars the speed drops between 5% - 15% (on MD5).

iirc joomla uses 16 and 32 byte salts, so you have currently no chance to workaround the problem. wait for a later release that supports -m 1 / -m 2.


Messages In This Thread
RE: OclHashcat password length limitation? - by atom - 05-17-2010, 10:51 AM