Help explaining PBKDF2-HMAC-SHA1 format
#1
Hello,

I created a script using node.js to create a PBKDF2-HMAC-SHA1 hash. I used the password 'test', salt 'hunter2', 1000 iterations, and a key length of 50. 

The output hash is given in hexadecimal: 6f584951dd01a33f05c1da8d19e574d2b8b1cb05e3d608cd4581d286cd92d7e7ae9412c8f57566b2676cdb3a4bf9f5dc7ba1

Which in base64 is:
b1hJUd0Boz8FwdqNGeV00rixywXj1gjNRYHShs2S1+eulBLI9XVmsmds2zpL+fXce6E=

My question is, how do I format this output hash (hex or base64) so that it looks like the one in the hash-example and so that it can be cracked with hashcat? I have no idea how to do that from the hash gotten.

Sample hash:
sha1:1000:MzU4NTA4MzIzNzA1MDQ=:19ofiY+ahBXhvkDsp0j2ww==
Reply
#2
Anyone?
Reply
#3
https://hashcat.net/forum/thread-8146.html
Reply
#4
marc1n dateline='[url=tel:1693032576' Wrote: 1693032576[/url]']
https://hashcat.net/forum/thread-8146.html

Thank you for your response. I already have figured out how to format it. I had a question regarding the salt. Would it be possible to crack it without knowing the salt? Brute-forcing the hash?
Is there any mode in hash at to do that?

Thanks
Reply
#5
(08-26-2023, 02:55 PM)Manu Wrote:
marc1n dateline='[url=tel:1693032576' Wrote: 1693032576[/url]']
https://hashcat.net/forum/thread-8146.html

Thank you for your response. I already have figured out how to format it. I had a question regarding the salt. Would it be possible to crack it without knowing the salt? Brute-forcing the hash?
Is there any mode in hash at to do that?

Thanks

No, it is not possible...
Reply
#6
marc1n dateline='[url=tel:1693055093' Wrote: 1693055093[/url]']
Manu dateline='[url=tel:1693054513' Wrote: 1693054513[/url]']
marc1n dateline='[url=tel:1693032576' Wrote: 1693032576[/url]']
https://hashcat.net/forum/thread-8146.html

Thank you for your response. I already have figured out how to format it. I had a question regarding the salt. Would it be possible to crack it without knowing the salt? Brute-forcing the hash?
Is there any mode in hash at to do that?

Thanks

No, it is not possible...

Okay, thank you. I thought there would be a method to try brute forcing the salt, but it makes sense, would take forever to crack it.
Reply