Hi all,

Would it be possible to have added an algorithm that does substr(md5(md5($pass))) ?

It's basically for StuffIt 5 hashes, that are stored as a 40-bit cut from the 160-bit result of double-hashing the password with MD5.

I've seen the feature request from several years ago and even tried to add it myself basing on md5(md5($pass)) code, but I don't get where the code should be added to :p

Thanks in advance.
If you are asking about the code changes you need to do to make this work, it would probably be better to discuss this in the developer section of this forum.

Feature request go directly to github (open a new github issue), but they need to be "justified" and it should be a feature from which many users would benefit. In addition to that it should contain all information listed here:

I will try to answer (in a very general way) your coding question:
1. it may be best to use the already available md5(md5($pass)) kernel e.g. see:
2. based on that kernel you can do some final steps like seen here:, e.g. that only some parts of the final output matches
3. the next step is to add a new parser s.t. the new length is respected and correctly parsed, or just modify/adjust the -m 2600 parser (if you just want to have a fast hack), see md5md5_parse_hash () in

If you just need the first few bytes, you do not need to check all substrings (like done in -m 2600, linked above, where the first, middle and last "hash part" is checked for a match).

BTW: I don't think that this is the correct place to give support for "how to hack the 2600 kernel", so if this information above is not enough for you, we should either think to move this thread to the devs section or to discuss (as mentioned above, given there is a "general interest about this algorithm") on github etc.
Hi philsmd,

Thanks for your response.

I will try to follow the steps you've given. I didn't even found the correct kernel.

I didn't know the best place to write this up, sorry, can you please move it to devs? (I don't think there is enough "general interest" and I don't mind adding it myself, if I can)