this sounds very interesting
@womble, do you plan on sharing your hashcat module and opening a pull request (PR) on github ?
what is your strategy with avoiding false positive (or can we assume that it's quite rare and the user should use --keep-guessing ?)
btw: also see https://github.com/hashcat/hashcat/blob/...t-guide.md for our new dev guide, we would appreciate some feedback or help in improving it also. that would be great (but remember, it's a guide... not a tutorial or step-by-step instruction on how to add a module)
It would also be nice to have some standard hash format for it.... lately we tend to use hash formats with signature like:
$BFACS$version*salt*data*hash
or similar, where the start is the signature, then comes a number to indicate an internal hash version (could also be a software version, but in general it's just some "hash format version"), and after that the important data.... the last field is normally the checksum/hash or encrypted data etc
I think it wouldn't be impossible to use the MD5 checksum as a early reject/exit, but later on also do some further verification (only if matched)... not sure if a strategy like this is possible/applicable here (I didn't look at the details)
Thx and really great discovery
@womble, do you plan on sharing your hashcat module and opening a pull request (PR) on github ?
what is your strategy with avoiding false positive (or can we assume that it's quite rare and the user should use --keep-guessing ?)
btw: also see https://github.com/hashcat/hashcat/blob/...t-guide.md for our new dev guide, we would appreciate some feedback or help in improving it also. that would be great (but remember, it's a guide... not a tutorial or step-by-step instruction on how to add a module)
It would also be nice to have some standard hash format for it.... lately we tend to use hash formats with signature like:
$BFACS$version*salt*data*hash
or similar, where the start is the signature, then comes a number to indicate an internal hash version (could also be a software version, but in general it's just some "hash format version"), and after that the important data.... the last field is normally the checksum/hash or encrypted data etc
I think it wouldn't be impossible to use the MD5 checksum as a early reject/exit, but later on also do some further verification (only if matched)... not sure if a strategy like this is possible/applicable here (I didn't look at the details)
Thx and really great discovery