Is hash type hmac-ripemd-160 supported?
#1
Hello,

I spent a good 6 hours today reading about hashcat on forum, wiki and Internet pages. Have it working but am stuck with a "line length exception" hash recognition problem.

Is the hash type "hmac-ripemd-160" supported?
I do not find it listed in the Hashcat wiki (http://hashcat.net/wiki/doku.php?id=hashcat). Specifically, I do not see Ripemd listed at all.

In the "Example hashes" page (http://hashcat.net/wiki/doku.php?id=example_hashes) I read that modes from 6000 to 6241 include Ripemd or HMAC-Ripemd. That is not exact, but is a start. Unfortunately, if I run hashcat latest version with i. e. -m 6000, it complains that this mode is not supported. Is the "Example hashes" page outdated?

Apologies if I am missing something obvious, i. e. Ripemd is identical to MD. I did not find any such statement in my researches.

The file I am testing with is created by an old Truecrypt version 4.2a, hash HMAC-Ripemd-160, encryption AES.

Thanks in advance for any help!
#2
You don't need HMAC-RIPEMD160 support, you need TrueCrypt 4.x support. Hashcat only supports TrueCrypt 5.x+ so I don't think mode 6281 will work for you.
#3
(06-15-2014, 08:24 AM)epixoip Wrote: You don't need HMAC-RIPEMD160 support, you need TrueCrypt 4.x support. Hashcat only supports TrueCrypt 5.x+ so I don't think mode 6281 will work for you.

Thanks a lot for the clarification. I have checked the supported algorithms for oclHashcat, which is my final goal as I need to crack a 15 characters ?l?u?d password (thus I started to practice the base Hashcat on an Amazon EC2 instance).

http://hashcat.net/oclhashcat/#features-algos
This page mentions HMAC-Ripemd-160:

"TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES"

Based on your experience, the fact that my file was created with an unsupported Truecrypt makes it useless for oclHashcat, even if the algorithm could be supported?

I know the natural answer is "just try", but I fear I do not know enough yet to move on to the more advanced oclHashcat.
#4
(06-16-2014, 02:40 PM)majsat Wrote: I need to crack a 15 characters ?l?u?d password

don't bother if you don't have any hints that decrease the search space dramatically.
#5
(06-16-2014, 02:44 PM)undeath Wrote: don't bother if you don't have any hints that decrease the search space dramatically.

Yes I know that with normal firepower the Universe will end before the operation is completed.

Let's say I do not really *need* to crack this archive. I am having fun learning Hashcat, and seeing how far it can go in terms of performance.

When I will launch the final attack with oclHashcat on an EC2 GPGU, if it will still tell me that it needs a few years, I will give up. In the meantime I will have learnt something about high-performance computing.

I am already amazed by the fact that on an Amazon Mini instance (1 CPU with just a half Gigabyte of RAM), the base Hashcat does 140 million tries per second!

Other cracking apps that I've tested can do 10 *thousand* tries per second! For you this might be normal knowledge, for me it's a surprise.

Hashcat on a Mini instance would need only 10 hours to test all possible combinations of a 6-digit ?l?u?d.

I am so curious to see the performance of oclHashcat on an EC2 GPGU with the equivalent of 26 cores and 15 GB of RAM. The cost to run such instance for a few days will not be high, if I manage to do it when spot prices are low.

So, would you be so kind to help me understand if I can use oclHashcat with the old Truecrypt archive? :-)
#6
Pretty sure it won't work, even though the algorithm is the same the file structure is likely different. Even if it did work you're never going to crack a password like that with brute force.

If your goal is just to see how fast oclHashcat is, try cracking a large MD5 dump or something. You will have more fun and will learn much more with a dump like that.