(04-11-2012, 12:24 AM) undeath Wrote: This is because atom creates custom optimized modules per hash type. That makes me wonder why is cudaHashcat throwing the line length exception with the same hash?
Just to make it straight - I'm not going to use this type of hashing in a webapp or nothing. BTW, I've just tested appending the "/" separator first to the salt and then to the wordlist and I was able to recover the password using hashcat 0.38 in mode 2.
If I do something that's not popular/not implemented in popular password crackers/webpages I'd be safe for now, right? Or maybe it is as easy as modifying the source code (if available) of some of those tools? OK, maybe it is pseudo secure crap but until someone requests it oclHashcat can't do it. Or 8 char salt and append "/" to all words in the dictionary, like oxaners said. I'm not coming up with the same hash as you for this though, your example should end up being md5( VTw10NR/password ) which I calculate to be 75f10ef81001f0f1e1f90008a69bd409, so maybe I'm missing something? If an attacker knows this is the algorithm (they would probably see the pattern after a few results with "/" prepended), they could just prepend the "/" to every string in their dictionary (as long as the password is in their dictionary already as a whole or only needs mangling/appending). Essentially you are just prepending "/" to everyone's passwords, then calculating the md5($salt.$pass). (04-10-2012, 10:18 PM) oxaners Wrote: Any attack on md5($salt.$pass) that prepends ?s should crack this if I understand your algorithm correctly. Sorry for that. Check again my edited post with updated data. Any attack you say? At least hashcat is throwing the line length exception because of custom salt length that doesn't match other known hashing methods. I was copying it manually from my Linux box. Thank you for your reply and for checking this
I hope I explained myself well enough despite my English. Will it eliminate the possibility of cracking my password with standard cracking tools available? I've checked all hashcat's algorithms and none worked. The example result hash salt will be like this:Ĩ35288cd206223ad81eb78d4dc225823:aVTwl0NR for password "password" and "aVTwl0NR" random 8 char salt. I need to keep the salt together with the hash in my db for password comparison in future user login. The result will be a 32 char hash and an 8 char salt. It looks like the osCommerce hasher but it's different. $randomChars = array_slice($chars, 0, 8); My question is if I can still use hashcat to crack a password if a random 8 char salt and password variables in the php md5() function are separated by a custom character? To make it clearer take a look at this piece of code:
Third: it made me think on the way to protect my hashes and salts from being cracked with this tool. Second: thanks for such a powerful tool, I'm amazed by its speed and possibilities. First of all I'd like to say hello to everybody on this forum as I just got registered.
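
An added example, not part of any post in this thread: it checks the point made in the replies that md5(salt . "/" . password) is the same value as plain md5($salt.$pass) with "/" folded into the salt, and sets a slow, salted KDF beside it as the storage alternative. The function names, the sample salts and passwords (constructed) and the choice of PBKDF2-HMAC-SHA256 with 600,000 rounds are assumptions of this example, not something the thread specifies.

```python
import hashlib
import hmac
import os

SEPARATOR = "/"  # the custom character placed between salt and password


def custom_hash(salt: str, password: str) -> str:
    """Construction from the thread: md5(salt . "/" . password)."""
    return hashlib.md5((salt + SEPARATOR + password).encode()).hexdigest()


def salted_md5(salt: str, password: str) -> str:
    """The standard md5($salt.$pass) construction."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def separator_adds_nothing(samples) -> bool:
    """True if, for every (salt, password) pair, the custom scheme equals
    standard salted MD5 with the separator moved into the salt."""
    return all(custom_hash(s, p) == salted_md5(s + SEPARATOR, p)
               for s, p in samples)


def slow_hash(password: str, salt: bytes = None, rounds: int = 600_000):
    """Storage alternative (assumed here): PBKDF2-HMAC-SHA256 with a random
    16-byte salt. Returns (salt, derived_key); store both plus the rounds."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, key


def verify_slow(password: str, salt: bytes, expected: bytes,
                rounds: int = 600_000) -> bool:
    """Recompute the key and compare in constant time."""
    _, key = slow_hash(password, salt, rounds)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    samples = [("Ab3dE9xZ", "hunter2"), ("Qw8rTy1U", "correct horse")]
    print("separator folds into salt:", separator_adds_nothing(samples))
    salt, key = slow_hash("hunter2")
    print("PBKDF2 verify:", verify_slow("hunter2", salt, key))
```

The per-guess cost of the custom scheme is still one MD5 call, so the separator changes the record format but not the work needed per candidate password; the iteration count in the KDF is what raises that cost.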