How to solve some strange hash of hack.chat
#1
Sad 
I have a hash algorithm:
Code:
const hash = (password) => {
  const sha = crypto.createHash('sha256');
  sha.update(password+SALT);
  return sha.digest('base64').substr(0, 6);
};

But it just uses first 6 bytes after base64.
How can I solve it?
Reply
#2
This is not something hashcat can do. Also the first 6 bytes of base64 only gives you the first 4 bytes of the hash. So you lose 224 bits of info about the hash. This will result in *a lot* of false positives for the password+SALT combination resulting in those 4 bytes.

I doubt this is worth your time.
Reply
#3
Sad 
(07-27-2022, 09:48 AM)DanielG Wrote: This is not something hashcat can do. Also the first 6 bytes of base64 only gives you the first 4 bytes of the hash. So you lose 224 bits of info about the hash. This will result in *a lot* of false positives for the password+SALT combination resulting in those 4 bytes.

I doubt this is worth your time.
Oh I just need to get one possible answer of the password.
Reply
#4
(07-27-2022, 01:46 PM)huolongguo10 Wrote:
(07-27-2022, 09:48 AM)DanielG Wrote: This is not something hashcat can do. Also the first 6 bytes of base64 only gives you the first 4 bytes of the hash. So you lose 224 bits of info about the hash. This will result in *a lot* of false positives for the password+SALT combination resulting in those 4 bytes.

I doubt this is worth your time.
Oh I just need to get one possible answer of the password.

do you know the salt and the 6 bytes? if yes, implement this "algorithm" in any programming/scripting language and feed this with bruteforce generated strings and break when this algo hits your 6 bytes (feeding incrementing numbers only maybe also work) well this sounds like a funny "give it a try" project for tomorrow (i will try to find a collision with numbers for sha(string+SALT)
Reply