HMAC-SHA1
#1
Hi all,
I'm doing an ethical hacking activity and I want to test if developers used a good or bad "secret" for cookie signing.
The software is made with mojolicious that signs his cookie using HMAC-SHA1.

The problem is that the smaller signed cookie I can get from the application is 72 char long!
Using HMAC-SHA1 (150) and giving HASH:cookie (I need to "crack" the key) results in a "Line-length exception".

Am I doing something wrong? The hashcat limitation is something related to the gpu implementation or just a sanity check with passwords in mind?
HMAC is message authentication algo, it sound strange for me that it's impossible to brute a 72 char long text!

Anyone have a good advice for me?
Thank you in advance
Paolo


Messages In This Thread
HMAC-SHA1 - by Paolo - 09-19-2017, 10:55 AM
RE: HMAC-SHA1 - by philsmd - 09-19-2017, 11:08 AM
RE: HMAC-SHA1 - by Paolo - 09-19-2017, 12:31 PM
RE: HMAC-SHA1 - by Paolo - 09-19-2017, 01:24 PM
RE: HMAC-SHA1 - by philsmd - 09-19-2017, 03:03 PM
RE: HMAC-SHA1 - by Paolo - 09-19-2017, 04:41 PM