brute forcing sha256 - need help locating salt in open source code
#5
(10-25-2017, 10:42 PM)megadodgy Wrote: Thanks for the this I will see how I go at trying to rebuild the hash and yes i have come to the grim reality that i wont have access any time soon - unless i can come up with the same password again (that is the part that sucks, if i made up the new variation of my password.... then why cant i do it again)

Hi, i'm in a similar situation. How are you getting on with this?

I've looked at the PasswordHash in a .db3 file from a neo-gui wallet and it appears to be a hex hash with 32 characters. However I'm led to believe that a SHA256 hash has 64 characters.

So, looking at the code linked on github above shows a selection of hash and encryption functions. In the .db3 file the other fields IV and MasterKey seem to relate to an AES encryption. IV = initialization vector.

The output of AES encryption can be (I think) 32 characters long.

Question is then....is the PasswordHash actually being stored in an AES encrypted format - where do the extra 32 characters come from to get a 64 character SHA256 hex hash?

Sorry if this all seems a bit amateurish (n00b) but it's become a bit of an obsession and I can't figure out the next step.

Thanks for any further help or pointers that the community could offer


Messages In This Thread
RE: brute forcing sha256 - need help locating salt in open source code - by Notagain - 02-12-2018, 09:33 PM