05-07-2020, 06:07 PM
All,
I am looking for help with getting HC to run against some keys and salts extracted from .bfa files encrypted by Blowfish Advanced CS 2.57 (on SourceForge).
I read through their manual and found the following excerpt:
"Let our password be "helloworld". We want to create a key of 128 bits (16 bytes). The SHA-1 allows us to input as much data bytes as we want to, and puts out a hash of 160 bits (20 bytes). A hash (also called digest) is the same like a CRC32 checksum, but secure for encryption purposes.
To resize the 20 bytes of the hash to the required 16 bytes for the key we take the first 16 bytes of the hash and XOR the rest of 4 bytes over the beginning of these 16 bytes. By this we don't ignore any part of the hash:
password: "helloworld"
|
SHA-1
|
a3d4ff09e22710946702eab2cc382596a8e3197322
a3d4ff09e22710946702eab2cc382596a8
||||||||
XOR e3197322
||||||||
key: 40cd8c2be22710946702eab2cc382596a8
In the second example we assume that our password is still "helloworld" but we need a key for Blowfish which has the required length of 56 bytes.
As already mentioned SHA-1 only returns 20 bytes. So we have to create 36 additional bytes from the password by the following way: we hash the password with SHA-1 and get 20 bytes. Then we add those 20 bytes to the original password and hash the modified password again. The result is a new hash which means 20 new bytes for our key. Due to the modified password this new hash is completely different from the first one. Now we append this second hash to the modified password again and rehash it to get the last 20 bytes. Of course now we have 4 bytes too much, so we XOR them over the first hash as we did in the first example. Now we have the needed 56 bytes for the Blowfish encryption algorithm.
Please remember that your password is always combined with 11 bytes of salt."
Any help is appreciated.
<-Romeo3442->
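The key setup described in the quoted manual excerpt, written out as an added example (not code from the post or from Blowfish Advanced CS). It generalizes the two cases in the excerpt (16 and 56 bytes) to any key length. Assumptions: "add" means append, and because the excerpt does not say how the 11-byte salt is combined with the password, the caller passes the already-combined bytes as `secret`; the function names are hypothetical.

```python
import hashlib


def expand(secret: bytes, key_len: int) -> bytes:
    """Chain SHA-1 as the manual describes until key_len bytes exist.

    Each digest is appended to the running input, which is then rehashed.
    "Add" in the manual is read as "append" (assumption).
    """
    running = secret
    digest = hashlib.sha1(running).digest()
    material = digest
    while len(material) < key_len:
        running += digest
        digest = hashlib.sha1(running).digest()
        material += digest
    return material


def fold(material: bytes, key_len: int) -> bytes:
    """Keep the first key_len bytes and XOR the surplus over their start."""
    key = bytearray(material[:key_len])
    for i, b in enumerate(material[key_len:]):
        key[i % key_len] ^= b  # wrap-around is an assumption for tiny keys
    return bytes(key)


def derive_key(secret: bytes, key_len: int) -> bytes:
    """secret = password already combined with the 11-byte salt.

    The excerpt does not say how the two are combined, so the caller
    supplies the combined bytes (assumption).
    """
    if key_len < 1:
        raise ValueError("key_len must be positive")
    return fold(expand(secret, key_len), key_len)


if __name__ == "__main__":
    pw = b"helloworld"  # the manual's sample password, no salt applied
    print("SHA-1  :", hashlib.sha1(pw).hexdigest())
    print("128-bit:", derive_key(pw, 16).hex())
    print("448-bit:", derive_key(pw, 56).hex())
```

The hex string in the manual's diagram is 42 digits long, so it is illustrative rather than a real 20-byte SHA-1 digest; compare against computed output, not the diagram.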