Restore.Sub.#1. beginner question
#4
I think "guessed" is the wrong term. Most things (except of the password) are normally known when it comes to hash cracking. Normally you won't need to guess iterations counts (or cost factors), they are part of the hash like a -m 12000 = PBKDF2-HMAC-SHA1 which could start with:
Code:
sha1:10000: ...

in this case the 10,000 means that hashcat needs to perform 10000 iterations for this specific hash, while other hashes could start with "sha1:1000" and therefore it's just a tenth of the other hash with 10,000 iterations.
There are some special algorithms that do not make this "parameter" flexible, it's just hard-coded/fixed, therefore it doesn't need to be part of the "hash line" or hash format itself.
In any case, you wouldn't need to "guess" it, it should be something known.

The same normally holds for other parameters of the hash algorithm, yeah even the salt. The salt is something that shouldn't be guessed, it's just something known (also to the attacker normally) and should be part of the "hash"/hash line/hash format.

in short:
- iterations: cost factors depending on hash itself (if parametrized) and/or algorithm
- amplifier: mangles the base words (rules, word combinations, masks prefix, etc)
Reply


Messages In This Thread
Restore.Sub.#1. beginner question - by Kyssista - 07-01-2020, 06:44 PM
RE: Restore.Sub.#1. beginner question - by philsmd - 07-01-2020, 08:55 PM