Hi.
First of all i'd like to say hello to everybody on this forum as i just got registered.
Second: thanks for such a powerful tool, i'm amazed by it's speed and possibilities
Third: it made me think on the way to protect my hashes and salts from being cracked with this tool.
My question is if can i still use hashcat to crack a password if a random 8 char salt and password variables in php md5() function are separed by a custom character? To make it clearer take a look at this piece of code:
$chars = array_merge(range("a", "z"), range('A', 'Z'), range(0, 9));
shuffle($chars);
$randomChars = array_slice($chars, 0, 8);
$salt = join("", $randomChars);
const SEPARATOR = "/";
$password = "password"
$hash = md5($salt.$separator.$password);
It looks like osCommerce hasher but it's different. The result will be a 32 char hash and a 8 char salt. I need to keep the salt toghether with hash in my db for password comparision in future user login. The example result hashalt will be like this:
835288cd206223ad81eb78d4dc225823:aVTwl0NR for password "password" and "aVTwl0NR" random 8 char sat.
I've checked all hashcat's algorithms and none worked. Will it eliminate the possibility of crack my password with standard cracking tools available?
Anybody able to crack this password?
I hope i explained myself good enough despite my english.
First of all i'd like to say hello to everybody on this forum as i just got registered.
Second: thanks for such a powerful tool, i'm amazed by it's speed and possibilities
Third: it made me think on the way to protect my hashes and salts from being cracked with this tool.
My question is if can i still use hashcat to crack a password if a random 8 char salt and password variables in php md5() function are separed by a custom character? To make it clearer take a look at this piece of code:
$chars = array_merge(range("a", "z"), range('A', 'Z'), range(0, 9));
shuffle($chars);
$randomChars = array_slice($chars, 0, 8);
$salt = join("", $randomChars);
const SEPARATOR = "/";
$password = "password"
$hash = md5($salt.$separator.$password);
It looks like osCommerce hasher but it's different. The result will be a 32 char hash and a 8 char salt. I need to keep the salt toghether with hash in my db for password comparision in future user login. The example result hashalt will be like this:
835288cd206223ad81eb78d4dc225823:aVTwl0NR for password "password" and "aVTwl0NR" random 8 char sat.
I've checked all hashcat's algorithms and none worked. Will it eliminate the possibility of crack my password with standard cracking tools available?
Anybody able to crack this password?
I hope i explained myself good enough despite my english.