Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Mar 2018 18:00:06 -0400
From: Matt Weir <>
Subject: Support for cracking hash collisions

In JtR is there a cracking option that will allow cracking sessions to
continue even after it finds a valid match, with all valid plaintexts being
saved to the POT file? An existing hash format where this would be useful
would be Mysql323, which suffers from having lots of collisions. I’ll admit
my question stems from the pwned password api lookup where it may be
possible to obtain the first five characters of the sha1 hash of a
password. I’d be curious if it would be worthwhile to create a dynamic hash
format to generate tailored dictionaries of collisions to use in other
attacks against stronger hashes.


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.