08-02-2023, 10:42 PM
(We don't say "encrypting" / "decrypting" when we talk about password hashes - we "hash" them, and then "crack" them)
Not sure why that online hashing tool wouldn't validate - can you actually crack that hash with hashcat?
Other options:
'test.pl' that is distributed with hashcat can hash bcrypt in bulk. It defaults to cost factor 5, but you could tweak the source to increase that. It does require installing a couple of additional Perl modules.
$ echo blah | test.pl passthrough 3200
$2a$05$MRGuLhi2MBKzMRCwKBSxKOlusRYXA6CPIKQUoL0RSTlEFzcD0xRdi
You can also use `htpasswd -bnBC 10 "" [password]`
mdxfind -z works for some hashes, but doesn't appear to work for bcrypt.
Not sure why that online hashing tool wouldn't validate - can you actually crack that hash with hashcat?
Other options:
'test.pl' that is distributed with hashcat can hash bcrypt in bulk. It defaults to cost factor 5, but you could tweak the source to increase that. It does require installing a couple of additional Perl modules.
$ echo blah | test.pl passthrough 3200
$2a$05$MRGuLhi2MBKzMRCwKBSxKOlusRYXA6CPIKQUoL0RSTlEFzcD0xRdi
You can also use `htpasswd -bnBC 10 "" [password]`
mdxfind -z works for some hashes, but doesn't appear to work for bcrypt.
~