Issue with ChaCha20
#1
Hi,
Trying to crack the sample ChaCha20 hash from the source code :

Code:
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$chacha20$*0400000000000003*35*0200000000000001*3961626364656667*8a152c57a7a856a8";

Code:
hashcat -m 15400 cha.hash wdlist.txt
wdlist.txt contains 'hashcat'

Code:
Status...........: Exhausted
Hash.Name........: ChaCha20
Hash.Target......: $chacha20$*0400000000000003*35*0200000000000001*3961626364656667*8a152c57a7a856a8
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:128 Loops:1 Thr:1024 Vec:1
Speed.#*.........:        0 H/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 1/1 (100.00%)
...

Why Rejected.........: 1/1 (100.00%) ?

Same result on hashcat v5.1.0 and beta 5.1.0+1394.
Same result with the hash from samlple page https://hashcat.net/wiki/doku.php?id=example_hashes

Thanks.
Reply
#2
hmm, I see the problem here. it's not very clear what is going on (at least for the general hashcat user ! )

The key in theory is always 32 bytes, but it's neither mentioned within the example wiki page, nor is the ST_PASS in src/modules/module_15400.c correctly reflecting this fact (even though module_pw_min () and module_pw_max () set the password length to 32 fixed (but "hashcat" is used for ST_PASS).

for now this password will work:
$HEX[6861736863617400000000000000000000000000000000000000000000000000]

i.e. "hashcat" but expanded to 32 bytes with NUL bytes appended (up to 32 bytes)


Since the code is able to do the expansion internally, we should just set pw_min to 0 i.e. in module_pw_min (), or skip it entirely since the default minimum password is zero.

We probably need a github issue for this mentioning to remove the pw_min restriction.
Reply
#3
Got it.
Thanks, I've created a github issue : https://github.com/hashcat/hashcat/issues/2199
Reply