Hi there. Anybody know a way using oclHashcat for cracking the KEY of encrypting mysql AES_ENCRYPT function?
Im looking for salt/key if i know the plaintext and hash
Im looking for salt/key if i know the plaintext and hash
|
MySQL AES Encrypt
|
03-02-2015, 08:05 PM
How about the whole string? There MUST be a way to bruteforce AES_ENCRYPT hash.
It's not a hash, it's encrypted. You're asking how to brute force an AES key, which is either 2^128 or 2^256. This is not possible. You might have some luck if the developer screwed up and only used keys in the ASCII range, but then you're still looking at 95^16 or 95^32.
03-03-2015, 01:28 AM
epixoip i c your point but not fully.
I *might* know how i can do it in php/mysql. cheking 0-100000 for($i=0;$i<100000;$i++) { if(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $i, pack('H*', $hash), 'ecb') === $plain) { echo 'Encrypt key: '.$i; die(); } } however its slow since using cpu.
03-03-2015, 03:21 AM
That's sort of the idea, except "0-100000" are not valid keys. The key is either going to be 16 or 32 characters long, depending on whether it's a 128-bit key or 256-bit key. And each character should be in the full 0x00 - 0xff range, unless the developer screwed up and used a printable key, in which case it will be in the 0x20-0x7e range.
It doesn't matter though because even the best-case scenario you're looking at 95^16, which can't be brute forced with even the largest clusters working on the fastest algorithms. |
|
« Next Oldest | Next Newest »
|
