Brute-force with only half of the cipher text

Brute-force with only half of the cipher text - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Brute-force with only half of the cipher text (/thread-6492.html)

Brute-force with only half of the cipher text - sverrets - 04-19-2017

Hi!

I want to brute-force DES and recover the key. The problem is that I only have the first half of the cipher text, but the entire plain text.

Example:

Plain text: 0000 0000 0000 0000
Cipher text: 1111 1111 ???? ????

Is it possible to brute-force this and get all possible keys as output? I have another first half of a cipher text, so I then want to brute-force which of the first keys are used.

Is it something like this?

hashcat -m 14000 0000000000000000:11111111?????????? -o cracked.txt -a 3 -1 ./hashcat-3.40/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 3

RE: Brute-force with only half of the cipher text - sverrets - 04-19-2017

Will this work?

hashcat -m 14000 0000000000000000:11111111?b?b?b?b -i -o cracked.txt -a 3 -1 ./hashcat-3.40/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 3

RE: Brute-force with only half of the cipher text - atom - 04-20-2017

No, this is not supported. Also you'd end up with 2^(32-8) possible passwords, which is surely not what you want.

RE: Brute-force with only half of the cipher text - al1984 - 04-29-2017

I am also looking for something similar, but I know the cipher text, but only 3 bytes out of 8 bytes of the plaintext.
Can something be implemented for this in the next version of hashcat? (To exhaust all of the keyspace of DES, and give you all of the possible keys that correspond to the match of the known cipher text with the partial known plain text)

RE: Brute-force with only half of the cipher text - MattSR - 06-23-2017

You don't have enough information to be able to recover a key.

Put simply, if you only know the first three bytes of the ciphertext, then that leaves 5 bytes unknown, which leaves up to (2^40) = 1,099,511,627,776 possible combinations.

In the example in the first post, there are 8 hex chars missing, which gives 16 bits of unknown information, or (2^32) potential candidates which equals 4,294,967,296 possibilities.