hackmdio codimd Scrypt.kdf hash format
I am trying to figure out how to audit hashes created by codimd open source software. Does anyone have any suggestions about re-formatting the password hashes for hashcat input?

Based on the code, it looks like they are using npm Scrypt.kdf
e.g. https://github.com/hackmdio/codimd/blob/...ls/user.js

For example, I created a local installation of codimd and created a few user accounts with the password lowercase "a". The corresponding password hashes are stored in the database user table.



Is anyone familiar with how this application salts passwords or where it stores the salt?

Does anyone have any ideas about how to wrangle this hash into a format that will be accepted as input for hashcat? I think the closest mode may be 8900.
  • It seems that I will need to base64 the salt and digest. Based on the code, I believe the current format is hex. I'm not sure if I will have to convert to binary before base64 encoding or not.
  • I am also unsure of where the separation is between the salt and digest. It seems like "736372797074000e0000000800000001" is a repeated prefix so maybe it is the salt?
  • I'm still trying to figure out how to determine the P,n,r for 8900 format e.g. SCRYPT:1024:1:1:

Thanks in advance for any advice or suggestions on this.
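
Added example, not part of the original post and not CodiMD's own code: a Node.js parser that assumes the stored hex string is the 96-byte header of the scrypt utility's file format ("scrypt", version, log2(N), r, p, 32-byte salt, 16-byte SHA-256 checksum, 32-byte HMAC-SHA256 keyed with the second half of a 64-byte derived key), which is consistent with the prefix quoted above. The names `parseScryptKdf`, `headerMac`, `matchesPassword` and `buildSample` are hypothetical, and the sample record uses a constructed salt.

```javascript
const crypto = require('node:crypto');

// Assumed layout (scrypt utility header, 96 bytes, integers big-endian):
//  0-5 "scrypt" | 6 version (0) | 7 log2(N) | 8-11 r | 12-15 p | 16-47 salt
//  48-63 first 16 bytes of SHA-256(bytes 0-47) | 64-95 HMAC-SHA256(bytes 0-63)
function parseScryptKdf(hex) {
  const buf = Buffer.from(hex, 'hex');
  if (buf.length !== 96) throw new Error('expected 96 bytes, got ' + buf.length);
  if (buf.toString('latin1', 0, 6) !== 'scrypt' || buf[6] !== 0) {
    throw new Error('not a version 0 scrypt header');
  }
  const sum = crypto.createHash('sha256').update(buf.subarray(0, 48)).digest();
  if (!sum.subarray(0, 16).equals(buf.subarray(48, 64))) {
    throw new Error('header checksum mismatch (wrong offsets or corrupt record)');
  }
  return {
    N: 2 ** buf[7], r: buf.readUInt32BE(8), p: buf.readUInt32BE(12),
    salt: buf.subarray(16, 48), header: buf.subarray(0, 64), mac: buf.subarray(64, 96),
  };
}

// The trailing 32 bytes are not raw scrypt output: they are an HMAC over the
// 64-byte header, keyed with bytes 32-63 of a 64-byte scrypt derived key.
function headerMac(header, password, N, r, p) {
  const opts = { N, r, p, maxmem: 64 * 1024 * 1024 };
  const dk = crypto.scryptSync(password, header.subarray(16, 48), 64, opts);
  return crypto.createHmac('sha256', dk.subarray(32, 64)).update(header).digest();
}

// Check one known test password against a stored record.
function matchesPassword(hex, password) {
  const h = parseScryptKdf(hex);
  return crypto.timingSafeEqual(headerMac(h.header, password, h.N, h.r, h.p), h.mac);
}

// Constructed sample: the prefix quoted in the post plus a made-up salt.
function buildSample(password) {
  const head = Buffer.concat([
    Buffer.from('736372797074000e0000000800000001', 'hex'),
    Buffer.alloc(32, 0x5a), // constructed salt, not from a real database
  ]);
  const sum = crypto.createHash('sha256').update(head).digest().subarray(0, 16);
  const header = Buffer.concat([head, sum]);
  return Buffer.concat([header, headerMac(header, password, 16384, 8, 1)]).toString('hex');
}
```

Under this layout the quoted prefix decodes to N = 2^14, r = 8, p = 1, and the salt is the 32 bytes that follow it.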