(11-02-2022, 07:04 AM)phillipw1084 Wrote: Ahh ok then, That's what I wanted to confirm. The part of the hashcat command with the "xxxxxxxx:xxxxxxxx" is supposed to be the "hash":"salt" and not the PT:CT
You can name it how you want, in the end it's just data. Just keep in mind that you "exploit" ECB to crack OFB. From hashcat perspective it's still CT:PT (not PT:CT), but in translated to your case it's (PT^CT):IV because in OFB the PT is the IV (see the wiki page I've linked).
(11-02-2022, 07:04 AM)phillipw1084 Wrote: My next question is this. The "strings" of PT, CT, and IV I have are not 16 hex "digits" long but have an extra 6 making them 22. So 11 bytes instead of 8. Additionally the last 2 of that could by one of two sets. So knowing that would it be safe to just use the 16 characters from the left for each and run that?
For example my PT can be either:
AA AA AA AA AA AA AA AA AA AA BB
or
AA AA AA AA AA AA AA AA AA AA CC
and the CT and IV are that same length.
So can I just use the first 8 bytes since hashcat limits it to 8?
Yes, you have to. Because it's not a hashcat limit, it's how the DES cipher itself is designed. It always takes a block of 8 byte.
I'd strongly suggest you tried I with a known combination of PT, CT and IV first.