Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: How to md5($salt,$pass) with hex salt
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Dear all,

Could you give me advice how to crack shared secret in radius server replies that's a md5($salt,$pass) with hex salt in Hashcat. It was clear until oclHashcat was depreciated but now... Hashcat supports md5($salt,$pass) but not hex salt, oclHashcat-plus supports hex salt but no generic algorithms... similarly oclHascat-lite.

Request for adding support for the algorithm https://hashcat.net/forum/thread-694.html was refused even though it was promised to support all oclHashcat algorithms in oclHashcat-plus. I understand Atom's reason but new users just need to carefully read documentation on the other hand removing features makes serious problem to advanced users who would like to use - it's incomparable. I think that newbies and less advanced users almost sure will use GUI. There could be switch between basic and advanced user interface in the GUI what solves mentioned problem with confusion of new users achieving support in advanced menu and CLI for advanced ones. Support in oclHashcat-lite will be welcomed as well...

Regards,
Michal.
you can try to exploit oclHashcat-plus using -m 21 and --hex-salt. But test it before, it might depend on salt length.
Thank for advice. I tested access accept with just 32 bytes radius payload that produces 97 character long line in hash file but it doesn't work because of line length exception. More over I need to process payloads from 90 to at least 250 bytes.
This is a lot of data. Note that MD5 transforms are segmented, means they are limited, to 64 byte. It requires another transformation each 64 byte. In other words: It gets slower.
Even though several times quicker then Cain... ;-)

I just need to verify if secrets (unknown to me) are complex enough not to be cracked in meaningful time. Hence if it's not feasible for given secret using highly sophisticated techniques it's OK regardless if it's because of secret length or slowness of algorithm on real world data.