wiki example hashes question
#1
Hello.
This is my first post here, but please know that I have been reading extensively, going through Google and this forum and the page's wiki and feel I do have an unanswered question (though the answer will no doubt be obvious to whoever knows it, just like watching Jeopardy or Who Wants to Be a Millionaire ;) ).

I didn't see anything in the forum rules about posting (or not posting) external links, so I hope it's alright to post one to help clarify the question.

Which is this:
I am focusing my efforts and interests on hash type 3810 -- md5($salt.$pass.$salt).
My hash is in hex (32 characters, 16 hex).
My current understanding of md5($salt.$pass.$salt) is that this 32-bit hex string is sufficient/appropriate.
However, the example on the hashcat wiki for hash type 3810 (as well as several other hash types) is suffixed with ":1234".

My question is: what is this "1234" at the end? It seems generic, as it's appended to several other hash type examples. But where does it come from?

Before beginning to experiment with hashcat, my research brought me to this page:
http://www.insidepro.com/hashes.php?lang=eng
which provides sample output for various hash types, and the md5($salt.$pass.$salt) hash shown there is only 32 bits long, just like my hash that I'm working with.

Using the 3810 hash type on my 32-bit hash obviously throws a "line length exception" error, and testing with the example from the wiki page does not throw the error. So I'm scratching my head over this ":1234" and haven't yet dug up anything to explain it. Maybe it's too obvious and I'm missing the forest for the trees.

Hope the question makes sense.
Many thanks.
#2
You perfectly said it, the obvious answer is: the salt.
'1234' is the salt appended to the hash with the ':' as separator.

(If you don't specify it, hashcat won't guess it by itself)
#3
(05-10-2014, 04:44 AM)Xanadrel Wrote: You perfectly said it, the obvious answer is: the salt.
'1234' is the salt appended to the hash with the ':' as separator.

(If you don't specify it, hashcat won't guess it by itself)

Thank you for the reply.

It's an interesting lead, but leaves me with further questions.

In the wiki example, how does the salt factor in? As the password is "hashcat", is the hex before the ':' separator equal to md5(1234.hashcat.1234)? Is that correct?

In that case, what about two different salts (salt1 and salt2, as it were)? At the moment I am specifically looking at the authentication in a router, where the salt shows up in JSON format (\111\330\ etc.), which I can convert to UTF-8 or hex. The salt(s) change with each password attempt, but I can view the salt(s) that belong with a given hash.

Converting the JSON format salt to hex gives me a total of another 34 bits (salt1=2 bits, salt2=32). Much more than four digits (i.e. 1234)! Given that the wiki examples are indicative of exact appropriate lengths, it seems like the salt in this case must be four digits long.

Am I thinking about salts all wrong? I thought I had a pretty good grasp on this, but a four-digit salt here doesn't fit with what I thought I understood.


Thanks again.
#4
(05-10-2014, 10:13 AM)personguy Wrote: In the wiki example, how does the salt factor in? As the password is "hashcat", is the hex before the ':' separator equal to md5(1234.hashcat.1234)? Is that correct?
Yes.

(05-10-2014, 10:13 AM)personguy Wrote: In that case, what about two different salts (salt1 and salt2, as it were)? At the moment I am specifically looking at the authentication in a router, where the salt shows up in JSON format (\111\330\ etc.), which I can convert to UTF-8 or hex.
You can't use 2 different salts with that hash type; you would need to use either -m 10 and prepend the other salt, or -m 20 and append the other salt.

(05-10-2014, 10:13 AM)personguy Wrote: The salt(s) change with each password attempt, but I can view the salt(s) that belong with a given hash.
Are you sure of this? I doubt the salt(s) would change with each password attempt, or do you mean "password change" by "password attempt"? In that case yes, whenever you change your password a new salt is generated.

(05-10-2014, 10:13 AM)personguy Wrote: Converting the JSON format salt to hex gives me a total of another 34 bits (salt1=2 bits, salt2=32). Much more than four digits (i.e. 1234)! Given that the wiki examples are indicative of exact appropriate lengths, it seems like the salt in this case must be four digits long.
At least for this hash type (as well as a bunch of other ones) the salt length can vary; it's just an example.

(05-10-2014, 10:13 AM)personguy Wrote: Am I thinking about salts all wrong? I thought I had a pretty good grasp on this, but a four-digit salt here doesn't fit with what I thought I understood.
http://en.wikipedia.org/wiki/Salt_(cryptography)
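
The `hash:salt` layout and the two-salt workaround discussed in this thread, as an added Python example that is not part of any post and not hashcat's own code. Function names are hypothetical, the salts `ab`/`wxyz` are constructed, and the salt is assumed to be printable text; `-m 10` is md5($pass.$salt) and `-m 20` is md5($salt.$pass).

```python
import hashlib
import re

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def line_3810(password: bytes, salt: bytes) -> str:
    """Build '<hash>:<salt>' for md5($salt.$pass.$salt); '.' means concatenation."""
    return f"{md5_hex(salt + password + salt)}:{salt.decode()}"

# 32 hex characters, the ':' separator, then a salt of any non-zero length.
_LINE = re.compile(r"^([0-9a-fA-F]{32}):(.+)$")

def parse_salted_line(line: str):
    """Split a salted line; a bare 32-character hash is rejected (no salt given)."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError("expected <32 hex chars>:<salt>")
    return m.group(1).lower(), m.group(2).encode()

def check_3810(line: str, candidate: bytes) -> bool:
    """True if candidate is the password behind a md5($salt.$pass.$salt) line."""
    digest, salt = parse_salted_line(line)
    return md5_hex(salt + candidate + salt) == digest

def mode10(password: bytes, salt: bytes) -> str:
    return md5_hex(password + salt)          # md5($pass.$salt)

def mode20(password: bytes, salt: bytes) -> str:
    return md5_hex(salt + password)          # md5($salt.$pass)

def two_salt(salt1: bytes, password: bytes, salt2: bytes) -> str:
    return md5_hex(salt1 + password + salt2)  # md5(salt1.pass.salt2)

if __name__ == "__main__":
    line = line_3810(b"hashcat", b"1234")
    print(line)                               # 32 hex chars + ':1234'
    print(check_3810(line, b"hashcat"))
    try:
        parse_salted_line(line[:32])          # hash without ':salt'
    except ValueError as exc:
        print("rejected:", exc)
    # Two different salts: fold one salt into the candidate, keep the other as salt.
    target = two_salt(b"ab", b"hashcat", b"wxyz")
    print(target == mode10(b"ab" + b"hashcat", b"wxyz"))   # prepend salt1
    print(target == mode20(b"hashcat" + b"wxyz", b"ab"))   # append salt2
```
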