NEW: We have a Discord server now. Click here to go there now!

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - Website Feedback - Colons in Passwords seem to break import


3 Results - Page 1 of 1 -
1
Author Message
Avatar
zyx4cba

Status: n/a
Joined: Tue, 22 Nov 2011
Posts: 52
Team:
Reputation: 31 Reputation
Offline
Tue, 06 Mar 2012 @ 15:39:48

What is the problem?
There is a glitch with the import of passwords containing colons.

Why is it a problem?
I keep posting these two passwords here in the "found" section since a while, but they are never removed from the next version of 32/40_hex. The commonality is the : contained.

MD5 example
1c7c55c2ec49a6f585bff462e3dddaff:http://www.kurt-tucholsky-gesamtschule.de
SHA1 example
0024321b5cf7cd9e6d0d67226dcca25f19701e52:http://www.stringfunction.com/

How can it be solved?
The parser checking for the colon separator between hash-hex and password should make sure to really find the first colon in a string. In terms of regular expressions: '^.*?:' and not '^.*:'


Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3214
Team: HashKiller
Reputation: 4165 Reputation
Offline
Tue, 06 Mar 2012 @ 15:51:36

Strange, they should have been added although they are longer than 31 chars, I filter these out as I don't really want to add 32/40 char hex found passwords as I would rather have the actual string. Added those 2 for now but I'll rewrite the code so this doesn't happen


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 1JZGVq58m4RS1QQS8JE5xndzDFy2BvGU6y
GPU Power: 9x GTX 1070 + 6x GTX 1080

Avatar
zyx4cba

Status: n/a
Joined: Tue, 22 Nov 2011
Posts: 52
Team:
Reputation: 31 Reputation
Offline
Tue, 06 Mar 2012 @ 17:47:09

blandyuk said:

I don't really want to add 32/40 char hex found passwords as I would rather have the actual string.

Good to know, was about to ask that anyway. I can filter them right before i post to the forum, will adapt my own code.

My own rationale for having so many hashes in my pot is because of what i call "hex pumping". I have a little script which applies known hashes to a new pot, which gives typically a few 1000 hits for a fresh 32/40_hex. Then i add these to 32/40 because I run more attacks against MD5/SHA1 than against the formulas. This way i hope to crack a few nested ones with a normal MD5/SHA1 run. This works because before export, I feed all passwords found in a period to all formulas. Can't say the effect / improvement on crack rate is massive, but it is real.

What if you implemented an algorithm along this lines. When a hash has cracked to another hash, you remove it from 32_hex and add it to a new file, say 32_formulas_hex. The overall idea is to reduce the size of 40/32 because this in the end allows faster cracking. I sort of do this all locally for myself, btw. Again the effect is not massive, but real.

Alternatively, you could replace the original hash with the one it resolved to, by this "bubbling" hashes upstream, removing nesting layers.
edited by zyx4cba on 06/03/2012



3 Results - Page 1 of 1 -
1

We have a total of 197687 messages in 24451 topics.
We have a total of 21732 registered users.
Our newest registered member is jess4340.