Posts: 621
Threads: 57
Joined: May 2010
Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?
Posts: 5,185
Threads: 230
Joined: Apr 2010
(05-17-2010, 07:10 AM)mastercracker Wrote: Hi. I was trying to speed up the cracking of Joomla hashes which is md5(pass.salt) by using a regular attack for MD5 algorithm. The way to do it is using a combinatory attack using a combination of a regular dictionary and a list of salts. The problem is that there seems to be a limitation in the length of passwords that OclHashcat takes in the dictionary. If I cut the salts to length 12, it detects all salts. If I use salts of length 16 and above, it detects 0 line in the dictionary and says that there is no combination possible. Is it an issue that can be solved?
nice try
the current maximum length of a password that oclHashcat can find is 15. since you're combining two lists this requires at least one char per word. thats why oclHashcat skips all words in a wordlist/mask with a length < 1 or > 14. this limitation is based on a performance optimization. if i raise the limitation from 15 to 30 chars the speed drops between 5% - 15% (on MD5).
iirc joomla uses 16 and 32 byte salts, so you have currently no chance to workaround the problem. wait for a later release that supports -m 1 / -m 2.
--
atom
Posts: 5,185
Threads: 230
Joined: Apr 2010
note: oclHashcat supports -m 1 and -m 2 in the meanwhile