Hi Xanadrel, thanks for the reply.
I have used hashcat very briefly, but my purpose here is to write some security guidance rather than to learn Hashcat itself.
I do have one more query:
I have seen several people advocate the use of a 'pepper' or secret salt (some also define it as a MAC) - and others say this is a bad idea. I can understand that your secret may not stay secret due to various human reasons which is bad enough.
Technically though even if you have a hash and a known salt I would expect that an (unknown) pepper would make computing a hash take longer - simply because there are more characters to compute.
I have seen mention that you can somehow isolate a pepper and crack it alone but I don't see how this is possible.. Does hashcat have some particular function or capability in this regard?
I have used hashcat very briefly, but my purpose here is to write some security guidance rather than to learn Hashcat itself.
I do have one more query:
I have seen several people advocate the use of a 'pepper' or secret salt (some also define it as a MAC) - and others say this is a bad idea. I can understand that your secret may not stay secret due to various human reasons which is bad enough.
Technically though even if you have a hash and a known salt I would expect that an (unknown) pepper would make computing a hash take longer - simply because there are more characters to compute.
I have seen mention that you can somehow isolate a pepper and crack it alone but I don't see how this is possible.. Does hashcat have some particular function or capability in this regard?