Custom iterations count
#1
Hello everyone,

I'll admit this is a pretty weird scenario, but sadly I have to face it.
I have a sha512 salted hash, with custom iterations for each user. For example User A has 7200 iterations, User B 9100 and so on.
(Beats me why they didn't just use bcrypt with a freaking high cost value)

Any suggestions on how can I deal with it?
Github forking is the only way?
#2
What are the details about the algorithm used?
"sha512 salted with custom iterations" doesn't really say much.
There are many different ways to use "sha512", "iterations" and "salt" all within a hashing scheme.

Do you mean something like sha512crypt ? PBKDF2-HMAC-SHA512 ? or is it really "just" some salted sha512 iterations ?
If so, when is the salt used (on each and every iteration? appended or prefixed)? Are hexadecimal or binary digests used etc?

Also see https://hashcat.net/wiki/doku.php?id=example_hashes
#3
Since I don't have access to the code base, I can only perform an educated guess.
The hash resembles plain sha512 algorithm, the salt is something like 104e8bd5-462f-4974-a508-f2963be9da75

I suspect the developer followed the logic of Drupal hashing and "improved" it.
Since I have a small-medium collection (24k hashes), I was thinking about trying to validate the hash using very common passwords (ie password, 123456) until a match is found. Then is business as usual Big Grin