+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Character separator for salted hashes (/thread-6538.html)
Character separator for salted hashes - devilsadvocate - 05-06-2017
With most salted hash types that are available in hashcat, I see that a single dot is used as a character separator for the password and salt.
One example is:
120 | sha1($salt.$pass) | Raw Hash, Salted and/or Iterated
With hash type 120 as an example, could hash type 100 be used in combination with a mode 7 hybrid attack, assuming that the salt value was short enough to make a mask attack practical?
7 | Hybrid Mask + Wordlist
Also, is there an actual dot as part of most salted values or is that just extra syntax to denote a separate password and salt?
In other words, again, using hash type 120 as an example, do I need to concern myself with an actual dot character being part of the SHA1 encrypted value?
Which one of these gets encrypted with hash type 120? Does it happen with a dot or without a dot?
sha1($salt.$pass)
sha1($salt$pass)
RE: Character separator for salted hashes - epixoip - 05-06-2017
The dot represents concatenation. If there was a literal dot we'd write e.g. sha1($salt.'.'.$pass)
You can simulate sha1($salt.$pass) by running sha1($pass) with -a 7, sure. But this is not a good idea with multiple salts because then you will not eliminate any salts once all hashes with that salt have been cracked. In other words, Hashcat is smarter than you
