Sorry to bug folks, but I just recently needed to learn about cracking. I have passwords from a system and the policy is 15 character, 1 upper, 1 lower, 1 number, 1 special character. They are salted md5 hashes. When I look at the math, this seems impossible. Would dictionaries make much of a difference with this sort of length or is this a completely losing situation?
based on your previous post, i presume you are cracking md5crypt hashes, not salted md5 as you state.
brute force would indeed be impossible. wordlist-based attacks are your best bet, but you will need to plan your attacks very carefully since you will only be able to make a very limited number of guesses.
with that password policy, most of the passwords will start with an uppercase and end with digits. since the minimum length is so long, most people will likely use compound words. start with that.
Thank you very much for the guidance. I'm working with hashes from a shadow file and I think they're salted ($1$xxxxx$xxxxxxxxxxxxx). Regardless, I am very appreciative for your help.
(03-23-2013, 11:52 PM)epixoip Wrote: [ -> ]based on your previous post, i presume you are cracking md5crypt hashes, not salted md5 as you state.
brute force would indeed be impossible. wordlist-based attacks are your best bet, but you will need to plan your attacks very carefully since you will only be able to make a very limited number of guesses.
with that password policy, most of the passwords will start with an uppercase and end with digits. since the minimum length is so long, most people will likely use compound words. start with that.