hashcat Forum

Full Version: SHA1 key stretching
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi all,

I'm completely unsure where to put this so I figured this would be the correct place. How would I integrate a custom SHA1 algo into hashcat to use GPU? The algorithm I am trying to brute force uses SHA1, however it also utilizes key stretching. It hashes into itself 10 times, while adding the KEY.

It starts with: KEY--salt--password-KEY
Then the next time it's: lasthash--salt-password--KEY, and it keeps using the hash from before 10 times.

I've created a perl script to use a wordlist:

Code:
#!/usr/bin/perl

use strict;
use Digest::SHA1;


die "usage: $0 <hash list> <dictionary> <skey>\n" unless @ARGV == 3;
my $skey = $ARGV[2];

open(H, "<$ARGV[0]") || die "bad hash list";

my $i = 0;
$|++;
my $time = time;
while (<H>)
{
    $i++;

    my $sec = time - $time;
    $time = time;
    print "\rTesting hash $i... ($sec secs/hash)";
    chomp;
    my ($h, $s) = split(':');
    open(W, "<$ARGV[1]") || die "bad pass list";
    while (<W>)
    {
        chomp(my $w = $_);
        my $x = "--$s--$w--$skey";
        my $i = $skey;
        $i = Digest::SHA1::sha1_hex($i . $x) for 1 .. 10;
        if ($i eq $h)
        {
            print "\rgot: $h => $w\n";
            last;
        }
    }
    close W;
}

__DATA__    
    for (int b = c_start_block; b < blks; b++) {
        write("Processing block: %d\n", b);
        foreach (words[b * BLKSIZE..(b + 1) * BLKSIZE - 1], w) {
            foreach (hashes; h; s) {
                x = "--" + s + "--" + w + "--" + skey;
                i = skey;
                
                for (n = 0; n < 10; n++) {
                    i = String.string2hex(Crypto.SHA1.hash(i + x));
                }
            
                if (i == h) {
                    write("%s        %s\n", h, w);
                    f_cracked->write("%s:%s\n", h, w);
                }
            }
        }
    }

However, since it's 10 iterations.. it's very slow. So I wanted to utilize GPU. Is this possible with hashcat?
no.
Do you know of any other options (that may support GPU) besides hashcat to speed up the process, epixoip?
not that i know of.
you could probably modify jtr.
(02-04-2013, 05:01 PM)undeath Wrote: [ -> ]you could probably modify jtr.

Thanks for the referral. I was able to build (and share) a JtR format to crack these type of hashes quickly.