+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Understanding the format for yescrypt (/thread-13624.html)
Understanding the format for yescrypt - ctag - 05-29-2026
Hi,
I am attempting to recover a Linux user password, and in the decade since the last time I used jtr and hashcat things have changed on me. The system is using yescrypt, and I'm having difficulty reformatting the shadow line to match hashcat's format.
From the example hashes wiki page it needs to follow this format:
SCRYPT:16384:8:1:OTEyNzU0ODg=:Cc8SPjRH1hFQhuIPCdF51uNGtJ2aOY/isuoMlMUsJ8c=
The shadow hash has this this format: `$y$j9T$salt$hash`.
Following along with this SO answer the j9T should correspond to SCRYPT:182:4096:32:salt:hash. Using this line with mode -m 70200 results in a token length or encoding exception.
I also came across the format hash guidance wiki page, which mentions the difference between Linux hashes and the expected format for hashcat, but has TBD for a conversion tool.
I'd appreciate any troubleshooting advice.
RE: Understanding the format for yescrypt - penguinkeeper - 05-29-2026
Yeah, this is a slightly different thing. "Yescrypt" and "Scrypt" are different algorithms and "Yescrypt" isn't really supported by Hashcat yet. If you're familiar with development, you can try building and using this branch, which implements it as -m 67000:
https://github.com/hashcat/hashcat/pull/4657