hashcat Forum
HMAC-SHA1(key=SHA1(password), data=salt) - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: HMAC-SHA1(key=SHA1(password), data=salt) (/thread-2467.html)



HMAC-SHA1(key=SHA1(password), data=salt) - gerhard - 07-20-2013

Hello

I have a set of passwords that are first Hashed with SHA-1, which is then used as a HMAC-SHA1 key with a salt message.

HMAC-SHA1(key=SHA1(password), data=salt)

I know hashcat supports SHA1 and HMAC-SHA1 but I can't seem to find out how to combine these methods in hashcat. Any help?

If for some reason this is not possible in hashcat, can anyone recommend any other cracking tool which would allow me to crack these passwords, or provide any hints to rolling my own software (if necessary)? I am determined to get these passwords..


RE: HMAC-SHA1(key=SHA1(password), data=salt) - Rolf - 07-20-2013

I'd say it's -m 150, but I may be wrong.
Can you get a password, say, 12345, into the system and extract the corresponding hash?
That way you'll know for sure whether it's -m 150 or -m 160.


RE: HMAC-SHA1(key=SHA1(password), data=salt) - Kuci - 07-20-2013

No, hashcat does not support this exact combination.


RE: HMAC-SHA1(key=SHA1(password), data=salt) - atom - 07-22-2013

You can run your wordlists through a sha1 converter and then use the result as dictionary in combinations with -m 150 and -m 160.