oclHashcat can't open Lotus Notes ID hashes from user.id files!
The "9100 Lotus Notes/Domino 8" mode is for the hashes from Domino Directory names.nsf file.
The Internet password (HTTPPassword field) from names.nsf looks like (355E98E7C7B59BD810ED845AD0FD2FC4).
User.id file is generated by the Lotus Domino server and stored on client file system usually in %USERPROFILE%\AppData\Local\Lotus\Notes\Data.
At offset 0xD6 the ciphered user password digest is stored. So the first thing to do is to extract the ciphered blob from the user.id file,
with this tool LotusIdHashExtractor (http://blog.quarkslab.com/static/resourc...tractor.7z)
It extracts the ciphered blob as a hexadecimal string that can be used with the John The Ripper (http://www.openwall.com/john/) with the command
"./john --wordlist=big_dict.txt --format=lotus85 domino.dump" (but it only uses CPU)
The "9100 Lotus Notes/Domino 8" mode is for the hashes from Domino Directory names.nsf file.
The Internet password (HTTPPassword field) from names.nsf looks like (355E98E7C7B59BD810ED845AD0FD2FC4).
User.id file is generated by the Lotus Domino server and stored on client file system usually in %USERPROFILE%\AppData\Local\Lotus\Notes\Data.
At offset 0xD6 the ciphered user password digest is stored. So the first thing to do is to extract the ciphered blob from the user.id file,
with this tool LotusIdHashExtractor (http://blog.quarkslab.com/static/resourc...tractor.7z)
It extracts the ciphered blob as a hexadecimal string that can be used with the John The Ripper (http://www.openwall.com/john/) with the command
"./john --wordlist=big_dict.txt --format=lotus85 domino.dump" (but it only uses CPU)