I have a question related to some old hashes like MD5 and SHA-1. Both of them are not very safe for sure, but is there any way to increase its output length? The output length of the MD5 is 32 hex digits or 16 bytes and I want to extend it to 18 bytes (for example).
Is it possible to abuse the standard algorithm this way? Are there any attacks for it? Some kind of value overflow?
I am Reverse Engineering one file and this could be very handy for understanding its workflow. The file itself uses CryptCreateHash function in C++ for hashing (if it is useful information)
Thank you.
No, not in a way you're probably asking about. The hash definition itself relies on a specific size of internal buffers and defines what is the size of the output. You can't extend MD5 output to be longer without making it... not MD5 anymore.
Typically you can "strenthen" a weak hash instead, by repeating the hashing and adding random prefixes to avoid possible rainbow tables. For example in PBKDF2, you can still use older hashes - but because you'd typically use a salt, a HMAC construct, and many hash iterations, it's much harder than the hash itself. For example I wouldn't feel unsafe about my password hashed with PBKDF2-HMAC-MD5 with enough iterations.
PBKDF2 is also a nice system for expanding existing hashes into larger outputs - similar to what you're asking about.