Signal database password on Android
#1
I want to test recover of my old Signal Android database password with Hashcat.  The sourcecode for the app https://github.com/signalapp/Signal-Andr...ecret.java makes it look like database uses PBDKF2 with SHA1 but when I try crack known password using hashcat format 12000 sha1:iteration:hashConfusedalt I exhaust the guesses. The hash ends in = and salt in == so that looks right, but I notice Signal doing some weird PCKS 5 stuff in https://github.com/signalapp/Signal-Andr...tUtil.java

Can I use last 20 bytes of mastersecret or is there AES component prior to PBKDF2 comparison?


Messages In This Thread
Signal database password on Android - by deeppurple - 06-08-2018, 11:30 PM