04-28-2024, 11:42 AM
The b' on your screen is an encoding/decoding-thing.
As for the false positives, this is extensively discussed here https://github.com/hashcat/hashcat/issue...-647462514
You'll read that there is a padding check of only 4 bytes (namely \x04\x04\x04\x04) in the decrypted output in order to see if the candidate is correct. This technique is susceptible to have a lot of false positives.
Since it is not documented anywhere on how to optimize this check (at my knowledge), one should be using --keep-guessing.
Finally, as also stated in the Github-issue, the login-pwd and the keychain-pwd have a high probability to be the same.
As for the false positives, this is extensively discussed here https://github.com/hashcat/hashcat/issue...-647462514
You'll read that there is a padding check of only 4 bytes (namely \x04\x04\x04\x04) in the decrypted output in order to see if the candidate is correct. This technique is susceptible to have a lot of false positives.
Since it is not documented anywhere on how to optimize this check (at my knowledge), one should be using --keep-guessing.
Finally, as also stated in the Github-issue, the login-pwd and the keychain-pwd have a high probability to be the same.