Unsupported format (md5($salt.$pass) / Wordpress)?

[jeroen]

I'd like to audit some Worpress hashes. Hash format is 00112233445566778899aabbccddeeff:0011. According to documentation, it's format is md5($salt.$pass), AKA phpass. A quick test with JtR show that the format is correct: known test hashes are successfully cracked (using --format=phpass).

Using hashcat, the hashes are not accepted:

• m=400: format is incorrect according to https://hashcat.net/wiki/doku.php?id=example_hashes:
  400 phpass, WordPress (MD5), Joomla (MD5) $P$984478476IagS59wHZvyQMArzfx58u.Makes sense, hashcat is expecting $P$etc.
  
• m=20: format is incorrect according to https://hashcat.net/wiki/doku.php?id=example_hashes:
  20 md5($salt.$pass) f0fda58630310a6dd91a7d8f0a4ceda2:4225637426Makes sense as well: my salt is shorter than expected, 4 instead of 10 nibbles. 
  

Is it possible to convert my hashes to m=400 of m=20? Perhaps any other options? Thanks!

[atom]

Very old wordpress used raw MD5 instead of phpass. You can not convert between them. If you use -m 20, it's perfectly fine to use shorter salts than the one shown in the example hash page. This is just an example.