PBKDF2-HMAC-SHA256 - Printable Version

PBKDF2-HMAC-SHA256 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: PBKDF2-HMAC-SHA256 (/thread-9188.html)

PBKDF2-HMAC-SHA256 - freeroute - 05-03-2020

I read a nice post about this format: Storing Password in an easy and secure way using Perl

Author wrote, the generated hash:
"The hash will look like this string: {X-PBKDF2}HMACSHA1:AAAD6A:SEvDOw==:1rmVDmR6OgwPEYV5CiwUeYnd+OE="

Can you explain, what the 2nd field (AAAD6A) is for?
Can iteration be determined from this format?

Thank you.

RE: PBKDF2-HMAC-SHA256 - philsmd - 05-03-2020

it's written in the document you linked: https://perlmaven.com/storing-passwords-in-a-an-easy-but-secure-way -> https://metacpan.org/pod/Crypt::PBKDF2 -> "the number of iterations encoded with MIME::Base64"

Code:
$ echo AAAD6A== | base64 -d | xxd -p

000003e8

0x03e8 (hex) == 1000 (dec)

or just use a perl script:

Code:
perl -MMIME::Base64 -e 'print unpack ("L>", decode_base64 ("AAAD6A")) . "\n"'

1000

RE: PBKDF2-HMAC-SHA256 - freeroute - 05-03-2020

Thank you.