SHA1 key stretching
#1
Hi all,

I'm completely unsure where to put this so I figured this would be the correct place. How would I integrate a custom SHA1 algo into hashcat to use GPU? The algorithm I am trying to brute force uses SHA1, however it also utilizes key stretching. It hashes into itself 10 times, while adding the KEY.

It starts with: KEY--salt--password-KEY
Then the next time it's: lasthash--salt-password--KEY, and it keeps using the hash from before 10 times.

I've created a perl script to use a wordlist:

Code:
#!/usr/bin/perl

use strict;
use Digest::SHA1;


die "usage: $0 <hash list> <dictionary> <skey>\n" unless @ARGV == 3;
my $skey = $ARGV[2];

open(H, "<$ARGV[0]") || die "bad hash list";

my $i = 0;
$|++;
my $time = time;
while (<H>)
{
    $i++;

    my $sec = time - $time;
    $time = time;
    print "\rTesting hash $i... ($sec secs/hash)";
    chomp;
    my ($h, $s) = split(':');
    open(W, "<$ARGV[1]") || die "bad pass list";
    while (<W>)
    {
        chomp(my $w = $_);
        my $x = "--$s--$w--$skey";
        my $i = $skey;
        $i = Digest::SHA1::sha1_hex($i . $x) for 1 .. 10;
        if ($i eq $h)
        {
            print "\rgot: $h => $w\n";
            last;
        }
    }
    close W;
}

__DATA__    
    for (int b = c_start_block; b < blks; b++) {
        write("Processing block: %d\n", b);
        foreach (words[b * BLKSIZE..(b + 1) * BLKSIZE - 1], w) {
            foreach (hashes; h; s) {
                x = "--" + s + "--" + w + "--" + skey;
                i = skey;
                
                for (n = 0; n < 10; n++) {
                    i = String.string2hex(Crypto.SHA1.hash(i + x));
                }
            
                if (i == h) {
                    write("%s        %s\n", h, w);
                    f_cracked->write("%s:%s\n", h, w);
                }
            }
        }
    }

However, since it's 10 iterations.. it's very slow. So I wanted to utilize GPU. Is this possible with hashcat?
#2
no.
#3
Do you know of any other options (that may support GPU) besides hashcat to speed up the process, epixoip?
#4
not that i know of.
#5
you could probably modify jtr.
#6
(02-04-2013, 05:01 PM)undeath Wrote: you could probably modify jtr.

Thanks for the referral. I was able to build (and share) a JtR format to crack these type of hashes quickly.