Noob: HMAC-SHA256 message digest and key
#1
I'm new to hashcat and would like to try recovering a key from a message authentication code.

I have the HMAC-SHA256 message authentication code, and the message, but not the key.

I would like to use hashcat to recover the key used, but I am seeing errors and I can't find any good examples online to learn from.

Data format I am using:
[digest]:[hex(message)]

command I am trying:
hashcat -a 3 -m 1450 data.hash

I get a line length exception.

For test purposes, in python I tried generating my own examples:
Code:
import hmac
from hashlib import sha256

message = "This is a long message that might be a little too long"
mkey = "password"
digest = hmac.new(mkey, message, sha256)
print(digest.hexdigest())
print(message.encode('hex'))
#2
The message is too long (max 50 bytes). See here for format: https://hashcat.net/wiki/doku.php?id=example_hashes
#3
Thanks, that helps!

When looking at the algorithm though, it does not state that the hash only uses the first 50 bytes of the message in the HMAC generation, but the whole message:

hash(key + hash(key + message))

Maybe I am just using it wrong and it's only for HMAC password generation with 50 byte salt, and not message authentication hashes.

Any ideas?

Thanks!
#4
It's a hashcat limitation not a limitation caused by the algorithm itself.