need help with sha512
#21
OK, if you say so.

Now I've a question @ epixoip

Quote:Please understand sha512crypt, aka SHA512(Unix), is *not* simply salted sha512. The "hex string" generated by Cain's Hash Calculator is just a raw sha512 hash, and is completely different -- and in no way compatible with -- sha512crypt in libc. The "ASCII string" that crypt outputs is base64-encoded, and is the result of 5,000 rounds of the sha512 algorithm.

You can use -m 1800 in the cpu version of Hashcat to crack the sha512crypt hashes from your shadow file.

I gues 5 ruonds means, that there is generated a SHA512 hash out of my pw and this string is passing the algorythm once again. This will be repeated for another 3 times and this hash will be encoded with base64 after this.

Now I looked up base64 at wikipedia and compared it with my linux string. There were some "." (dots) included in my hash but no "+", but in wikipedia was no ".", but a "+" for the value of "62". Am I right, when I think these two chars are both reprisented by the value of 62?

Beside that I tryed to convert a base64 saltto hex manually.
The bas64 strin contains of 13 chars, means 13 6bit-blocks means 78 bits. 78 ins't divisible by 8, so I think ther ware 2 zero bits more 0-bits at the end of the hex hash. But in this case 80 isn't divisible by 6 and to convert this string two 8bit-zero-blocks should had been added two the hash, because 96 is the next number which is divisble by 6. But in this case two "=" mus stand after the bas64-hash, which aren't there.

Is there something wrong in my calculation, or are they just droped out of the hash?
#22
It's not the same Base64 encoding, a customized one (Based on Base64).

And it's 5000 rounds, not 3 or 5.
#23
Really, really tricky, I like that. 5000 rounds, this explains why it lasts so long to crack this hash and why rainbow-tables are a good alternative. But the salt is so long, that rainbowtables would need too much hdd-space. Seems to be much more safer than anything else I tryed till now and seems to be nearly invulnurable by brute-force, and uncrackable in general if you use the right password.
#24
Overall, it is more than 5000 sha512 operations because of the initialization part which is more complex as compared to md5crypt. There can be 30-40 additional sha512 hash operations depending on salt and password (the initialization part is particularily unfriendly to GPUs).

A good description of the algorithm can be found here:

http://www.vidarholen.net/contents/blog/?p=33