RAR3 collision and bag
#1
Hi.
Sorry for my english.
I am hacking a Rar archive (-m23800).
Hash $RAR3$1*2.... (obtained with the help of rar2john).
When checking a mask with 6 characters, I get a lot of collisions (for example, more than 1000 collisions).
That is, these passwords do not unpack the archive.
Also tried these passwords in John, they are not successful.

I note that these passwords have a certain similarity with each other.
The question is what does this mean. Hashcat error, or is it normal for rar3.
Could this mean that the password consists of 6 characters and it is somewhere nearby.

MORE! It looks like a bug in hashcat.
All passwords found after the first collision do not pass even in the hashcat itself, if they are checked separately.

Hash: $RAR3$*1*2c65abb73140c9de*acf0d572*16*5*1*a69f1cc9340672079121244d225d0c15*33
First collision: HcdpY1
Example:
step1. cmd: hashcat -m23800 -a3 -w3 -O --keep-guessing $RAR3$*1*2c65abb73140c9de*acf0d572*16*5*1*a69f1cc9340672079121244d225d0c15*33 ?ucdpY?d
step2. result pass: HcdpY1 FcdpY1 IcdpY1 ...
step3. remove potfile.
step4. check FcdpY1 (or later) EXHAUSTED:  hashcat -m23800 -a3 -w3 -O $RAR3$*1*2c65abb73140c9de*acf0d572*16*5*1*a69f1cc9340672079121244d225d0c15*33 FcdpY1
step5. check HcdpY1 CRACKED:  hashcat -m23800 -a3 -w3 -O $RAR3$*1*2c65abb73140c9de*acf0d572*16*5*1*a69f1cc9340672079121244d225d0c15*33 HcdpY1
Reply