hashcat Forum
rfc2898DeriveBytes - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: rfc2898DeriveBytes (/thread-7846.html)



rfc2898DeriveBytes - quiya - 10-01-2018

Hello Everybody

Sorry if I post here the question and it is the wrong place. I´m new here and new with hashcat.

I´m development my own application and I´m using rfc2898DeriveBytes with .net.

I would like to know if hashcat can be used to testing penetration with rfc2898DeriveBytes, Because I´m using 4096 iterations and 24 Length


Code:
Rfc2898DeriveBytes(pass, salt, iterations)
return rfc2898DeriveBytes.GetBytes(24);

private byte[] CreateHash(string password, byte[] salt, long iterations)
    {
        byte[] hash;
        using (var hashGenerator = new Rfc2898DeriveBytes(pass, salt, (int)iterations))
        {
            hash = hashGenerator.GetBytes(_byteLength);
        }

        return hash;
    }

If it can be done, what it is the correct Algorithms?
How can I pass the iterations?


Thank you very much for your time
Regards


RE: rfc2898DeriveBytes - undeath - 10-01-2018

What is "rfc2898DeriveBytes" supposed to be? RFC2898 specifies mulitple KDFs, one of them being the supported PBKDF2 algorithm.

But anyway, all the algorithms in that RFC are not recommended nowadays. Use argon2, scrypt or bcrypt (in that order of preference).


RE: rfc2898DeriveBytes - quiya - 10-01-2018

(10-01-2018, 11:51 AM)undeath Wrote: What is "rfc2898DeriveBytes" supposed to be? RFC2898 specifies mulitple KDFs, one of them being the supported PBKDF2 algorithm.

But anyway, all the algorithms in that RFC are not recommended nowadays. Use argon2, scrypt or bcrypt (in that order of preference).

Thank you very much for your response and your recommendation

For now, has to be this algorithm , because it is used in the old App. I can´t change it in this version. 

So, I have read and hashcat support :

  • PBKDF2-HMAC-MD5
  • PBKDF2-HMAC-SHA1
  • PBKDF2-HMAC-SHA256
  • PBKDF2-HMAC-SHA512
So if I want to try, how can be used? Because I don´t see the argument of iterations, pass and salt.

Sorry if this question don´t have sense. I never used hashcat, I was looking for testing penetrations and I found it, I decide to try it.


Thanks you.
Regards


RE: rfc2898DeriveBytes - undeath - 10-01-2018

check out https://hashcat.net/wiki/doku.php?id=example_hashes

modes 10900 11900 12000 12100


RE: rfc2898DeriveBytes - quiya - 10-01-2018

(10-01-2018, 01:38 PM)undeath Wrote: check out https://hashcat.net/wiki/doku.php?id=example_hashes

modes 10900 11900 12000 12100

Thank you very much for your support. Very grateful.