sha1($salt.$pass) fails with salt larger than 49 characters
#1
Hi,

As per the topic, sha1($salt.$pass) with a salt larger than 49 characters fails to work properly.

For example, from the plaintext 'bacon' (with salt:hash, in case it isn't immediately obvious):

49 character salt:
12345678901234567890b8d07d079c75d3aaaaaaaaaaaaaaa:6033d8cebf4e8532a1822de2d5d0d999faff6ead

hashcat recovers the password just fine.

50 character salt:
12345678901234567890b8d07d079c75d3aaaaaaaaaaaaaaaa:30d0b1d0453f7b80f7c096f75c19e91e31be9f18

hashcat fails to recover the password, even if using a wordlist containing the plaintext (bruteforce fails too, obviously).

This is cudaHashcat-plus64 on Windows 7, latest build.

Does anyone have any suggestions / workarounds? I'm happy to post any output / debug messages that may be required to help resolve this.

Thanks! Smile
#2
Thats a wanted effect on performance. Unlimited plaintext length (with or without salt) is not supported.
#3
Sorry, I have a correction to make. 49 character salts work with hashcat-cli64.exe.
cudaHashcat-plus64 only appears to work with 15 character salts. 16 character salts fail.

Please excuse any confusion!

Examples with cudaHashcat-plus64 (plaintext still 'bacon'):

15 character salt:
123456789012345:640b865c1bab96a5da28ee04683aca629baa4d7e
Password is recovered.

16 character salt:
1234567890123456:4469cd6e3a95c0e0d4dfe718655c81c001fab491
Password is not recovered. :/
#4
As we talked about on IRC it turned out this is for a software called silverstripe. If more people ask for support of this I will add it.
#5
Yes, I got this problem too. It took me a while to figure this out. Could you please add the support for longer salt. Thanks!