Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Reduced MD5
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
first of all i want to thank you all dev's for this outstanding software. it give me 1087.8M/s on GTX480 - core i7 centos i686 linux workstation wich is amazing comparing to 5M/s with lcrack (Lepton's Crack)

the reason for this post is to ask Reduced MD5 hash support in 'Attack modes'
this is absolutely the same as MD5 except it store only first 8 bytes of hash (not 16) for better memory/cpu usage (also it reduce mysql/oracle sizes for large db)

i.e.
# echo -n 123456 | md5sum
e10adc3949ba59abbe56e057f20f883e -
and Reduced MD5 hash is
e10adc3949ba59ab

e.g. (user:hash = pass)
user1:e10adc3949ba59ab = 123456
user2:5f4dcc3b5aa765d6 = password
user3:cb1d65bec7c1bd48 = Samsung777

the C code looks pretty simple:
!memcmp(h0, h1, 8 * sizeof(BYTE));
instead of:
!memcmp(h0, h1, 16 * sizeof(BYTE));
also function that load hash'es must be modified to accept only 8 bytes

whith this future i can find my hashes
and you can get even better performance!!! usual 16 bytes md5 hashes - you can load/compare with only 8 bytes!!!

please please please Angel
well i just think how to code this

Code:
if(reduced)
  return !memcmp(h0, h1, 8 * sizeof(BYTE));
else
  return !memcmp(h0, h1, 16 * sizeof(BYTE));

or set size during init...
Code:
if(reduced_option)
  md5size = 8 * sizeof(BYTE);
else
  md5size = 16 * sizeof(BYTE);
  ...
return !memcmp(h0, h1, md5size);

unfortunately in both cases another variable is used wich of course reduce perfomance in normal md5 mode. therefore probably this is a bad idea Sad

but how about quick hack? i can load hashes like
e10adc3949ba59ab0000000000000000
5f4dcc3b5aa765d60000000000000000
cb1d65bec7c1bd480000000000000000
- and only thing needed is to compare 8 bytes not 16

im stuck in disassembling oclHashcat32.bin, have no idea how to fix this in hex editor

p.s.: how about to compare 8 bytes in all cases and modes? this saves memory and cpu, and still gives 100% hit Big Grin
the compare code is in the kernel not in the oclhashcat binary. however this is a single-user request so it will have lower priority. if i have some spare time i will add it.
thanks for reply
lost the whole day trying to fix PTX CUDA assembler code without success Sad its too hard (even reading nvidia isa specs did't help)

my kernel: kernels/4318/m0000.kernel
I would be very grateful if you can generate new code that compare only first 8 bytes, and put it here so i can replace it.

really stuck with some hashes that really needed, lost months with lcrack and udc/raindowcrack, that sad.

edit: also probably is better to use hash's like e10adc3949ba59ab1111111111111111 then e10adc3949ba59ab0000000000000000
Is there a solution for the truncate md5 ? I have see a few database which use this trick and this defeat 100% of all md5 cracker.
Maybe you can add just a simple loop to scan for the truncate hash.

e10adc3949ba59ab****************
*e10adc3949ba59ab***************
**e10adc3949ba59ab**************

thanks.
I dont know of any. It would require a special new kernel to do it.
PPro supports truncated hashes, but only if the trailing part is cut off, not the leading one.
Thanks for the infos. Passwordspro seems the perfect tool. There is lot of possibility with custom md5.