bcrypt hash generator
#1
I am going to test some hashcat , and I decided to get hashes from online encoders.
But for testing, I need information to be correct.

I could easily find online md5 encryptor, and seems like it is working correct. 
But for bcrypt , it seems not ok, I will attach screenshoot, to explain what I mean. 
Could you advice me any trusted bcrypt encoder, so the pentesting tests will be correct?


Attached Files
.png   penis.png (Size: 23.49 KB / Downloads: 4)
Reply
#2
(We don't say "encrypting" / "decrypting" when we talk about password hashes - we "hash" them, and then "crack" them)

Not sure why that online hashing tool wouldn't validate - can you actually crack that hash with hashcat?

Other options:

'test.pl' that is distributed with hashcat can hash bcrypt in bulk. It defaults to cost factor 5, but you could tweak the source to increase that. It does require installing a couple of additional Perl modules.

$ echo blah | test.pl passthrough 3200
$2a$05$MRGuLhi2MBKzMRCwKBSxKOlusRYXA6CPIKQUoL0RSTlEFzcD0xRdi

You can also use `htpasswd -bnBC 10 "" [password]`

mdxfind -z works for some hashes, but doesn't appear to work for bcrypt.
~
Reply