Long length salt problem
#1
Hi,

I'm trying to find a way to revert a password, I know the salt code and format:

SALT = GVph--------  57 lenght salt   -----------------erBB7Q0a

I know the PHP is storing passwords on the database using the same salt always, in this format:

<?php   $pass = md5($salt . $input_password); ?>

$input_password is at least 5 alphanumeric.

so, the total length will start from 62.

the password should not be more then 8 chars length, but I can't run HashCat due to this limitation.

I've just made a test with a password I know, and hashcat was not able to find it.
#2
Is there a question here?
#3
(12-15-2015, 04:42 AM)epixoip Wrote: Is there a question here?

My fault.

Any chance to get HashCat to work with up to -- lets say -- 64 password+salt length?

When I use input format "md5 : salt" the HashCat don't even start, saying "line length exception". 

I remove last 3 characters of the salt, and put in to the mask format: Q0a?d?d?d?d?d... 

so Hashcat can start now, but don't find a password I already know, I think due to this limitation. 

should hashcat at least warn if it is not working due to so long password? (this is another question).

Another suggestion that could work with this case?

I'm trying to make my own delphi app to this job.
#4
hashcat's md5 implementation is optimized for a single block (up to 55 bytes). To go beyond this you need a generic multiblock implementation of md5.