(08-19-2016, 09:41 PM)philsmd Wrote: The hash type -m 8900 = scrypt uses a so-called embedded salt (this is at least hashcat's terminology). It means that the salt is part of the string you give hashcat to crack (the "hash") and there are many more hash types that use similar strings.
What this means is, that the salt in most cases can't be separated from the hash, this is especially the case if an algorithm produces some output that "embeds" the (mostly random) bytes to other parameters and the final digest/hash itself. Since it makes no sense to split such string into hash : salt, because often it can't even be done easily (think about something like base64 ($salt.$digest) where you can't just split the salt and digest without base64 decoding the whole line first).
Whenever hashcat deals with embedded salts, it won't use something like hash : salt and therefore the --outfile-formats which normally can e.g. skip/omit the salt won't do anything (applying these outfile formats to hashes with embedded salt output the whole "hash" with the embedded salt included).
Yes, the scrypt format uses a similar concept, the format incorporates the salt already, along with the Nrp parameters. the format is SCRYPT:N:r:p:base64(salt):base64(digest) . Well, this format is no invention by hashcat devs but this is kind of a defacto-standard to output scrypt hashes used in PHP, perl etc... furthermore also other crackers use this format.
most example hashes are generated by test.pl (see https://github.com/hashcat/hashcat/blob/...5491-L5505 for scrypt)
btw: the salt for the example hash is 0203305404425 and MDIwMzMwNTQwNDQyNQ== base64-encoded, all passwords for the example hashes are "hashcat" (except otherwise noted)
i have seen u took the Scrypt example which MDIwMzMwNTQwNDQyNQ== is equal to 0203305404425 in base64 but when decoding the "hash"/"digest" with base64 the result is way different.
how can we encode the second part of the "hash" like the example?
thanks
UPDATE:
answer was given in private , so here it is
the second part of the has was encode with "echo HASH... xxd -p -r | base64"