What would be the most efficient way to solve this?
Hello guys,

I have a few SHA1 hashes/salts. Some of the passwords are known and they are truncated sha1 hashes (40 - last 14 chars =) 26 chars long. So I have two options right?
(a) Try to mask attack the salted hash or
(b) use a wordlist to crack the known truncated sha1 hash (the actual pwd) and look for a pattern to guess the others, but for that I have to config oclHashcat to check for partial matches, right? Is that even possible?

And how can I take advantage of the fact, that the password is itself a hash? Is there any rule I can use for hashes besides a hex custom charset?


For full speed this requires a special designed hash-mode. If you don't mind about performance simply pipe it.

Quote:perl -MDigest::SHA -ne 'printf "%s\n", substr (Digest::SHA:Confusedha1_hex ($_), 0, 26)' < wordlist.txt | ./oclHashcat64.bin ...
Thanks, I solved it with a combinator attack and searched for the substring programmatically. Maybe not the best way to do it but it worked.