Is it a md5 colision ?
#11
Awesome job, philsmd!!!

Mem5, I would suggest you put in a Trac ticket with the outfile-format=7 results and philsmd's test cases, since outfile-format=7 should have shown something like the correct:
9a214e678ed4e501d1576326ce84b41c:elec@:656c65634000
7863783c727bc742d503f232f277e327:elec@:656c656340

instead of the clearly incorrect:
9a214e678ed4e501d1576326ce84b41c:elec@:656c656340
7863783c727bc742d503f232f277e327:elec@:656c656340
#12
I agree, nice testing philsmd
#13
Ok, I'll open a TRAC. Thank you for your help.

Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!
#14
No, you can not. But I've seen lots of hashlist examples where admins salting hashes with 0-bytes.
#15
(04-19-2013, 07:51 AM)Mem5 Wrote: Ok, I'll open a TRAC. Thank you for your help.

Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!

Easy - just as an application can salt using any set of byte the programer likes, client applications can login using whatever set of byte values they care to send to the server application. Not all hashes come from data a human puts in via a keyboard at time of login!

Alternately, systems like Truecrypt and KeePass can use the contents of a binary file to generate a hash or part of a hash. Perhaps some other applications allow file-based entry.

I don't know enough about widgets like the Yubikey to know if it can do anything like that or not.
#16
Trac ticket and further discussion about possible solutions are located here: https://hashcat.net/trac/ticket/154