03-17-2026, 09:49 AM
Hi all,
A friend's forgotten their Bitwarden password (remembers the parts of the password but not which parts they used/what order...) so I'm going to run a custom wordlist of permutations of those fragments.
However, the hash they got out of Bitwarden doesn't match the format in the examples (waiting on them to get back to me with the tool they used to extract it in case it's just a dumb tool issue). The example hash from the wiki is:
$bitwarden$2*100000*2*bmXXXXXXXXXXXXXXXXXXXXXXdA==*+v5XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXfg=
But their extracted hash is:
$bitwarden$1*700000*YnXXXXXXXXXXXXXXXXXXXXXXX20=*jxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX3o=
The $1 vs $2 and lack of the extra field after the iterations count would tend to make me think this is a different mode (but I'd typically assume $2 to be newer so it would surprise me if hashcat supported the newer hash format but not the older one)?
Has anybody run into this?
Thanks
