hashcat Forum Misc General Talk v
MySQL323

Thread Closed 
Threaded Mode
MySQL323
Keeper. Offline
Junior Member
**
Posts: 1
Threads: 1
Joined: Mar 2014
#1
Question  03-07-2014, 11:44 PM (This post was last modified: 03-07-2014, 11:45 PM by Keeper..)
Greetings,

So I was wondering what is really behind the older version of MySQL's hashing algorithm - MySQL 4.1.0? As of MySQL 4.1.1 it's clear that it is sha1(unhex(sha1($pass))) producing a 41-byte string but what about the one that produces a 16-byte string?

Also, why does it have multiple possible plaintext values?

Hope this hasn't been discussed before since I didn't bother to check.
Find
magnum Offline
Member
***
Posts: 143
Threads: 9
Joined: Dec 2012
#2
03-08-2014, 12:38 AM (This post was last modified: 03-08-2014, 12:45 AM by magnum.)
It's a custom hash function. Like most other home-brewn hash functions it has serious flaws for this use. This is a reason you see many hash collisions.

Another reason is simply the fact that the output is as short as 64 bits. Regardless of the quality of a hash function, if it has n bits of output it is simply bound to have at least one hash collision for 2ⁿ+1 inputs.
Find
epixoip Offline
Legend
******
Posts: 2,940
Threads: 12
Joined: May 2012
#3
03-08-2014, 09:45 AM
http://tobtu.com/mysql323.php
http://tobtu.com/mysql323code.php
Find
Thread Closed