hashcat Forum
Custom iterations count - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Custom iterations count (/thread-4946.html)



Custom iterations count - vladimir125 - 12-28-2015

Hello everyone,

I'll admit this is a pretty weird scenario, but sadly I have to face it.
I have a sha512 salted hash, with custom iterations for each user. For example User A has 7200 iterations, User B 9100 and so on.
(Beats me why they didn't just use bcrypt with a freaking high cost value)

Any suggestions on how can I deal with it?
Github forking is the only way?


RE: Custom iterations count - philsmd - 12-28-2015

What are the details about the algorithm used?
"sha512 salted with custom iterations" doesn't really say much.
There are many different ways to use "sha512", "iterations" and "salt" all within a hashing scheme.

Do you mean something like sha512crypt ? PBKDF2-HMAC-SHA512 ? or is it really "just" some salted sha512 iterations ?
If so, when is the salt used (on each and every iteration? appended or prefixed)? Are hexadecimal or binary digests used etc?

Also see https://hashcat.net/wiki/doku.php?id=example_hashes


RE: Custom iterations count - vladimir125 - 12-28-2015

Since I don't have access to the code base, I can only perform an educated guess.
The hash resembles plain sha512 algorithm, the salt is something like 104e8bd5-462f-4974-a508-f2963be9da75

I suspect the developer followed the logic of Drupal hashing and "improved" it.
Since I have a small-medium collection (24k hashes), I was thinking about trying to validate the hash using very common passwords (ie password, 123456) until a match is found. Then is business as usual Big Grin