Posts: 6
Threads: 2
Joined: Mar 2017
Hi!
I want to brute-force DES and recover the key. The problem is that I only have the first half of the cipher text, but the entire plain text.
Example:
- Plain text: 0000 0000 0000 0000
- Cipher text: 1111 1111 ???? ????
Is it possible to brute-force this and get all possible keys as output? I have another first half of a cipher text, so I then want to brute-force which of the first keys are used.
Is it something like this?
hashcat -m 14000 0000000000000000:11111111?????????? -o cracked.txt -a 3 -1 ./hashcat-3.40/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 3
Posts: 6
Threads: 2
Joined: Mar 2017
Will this work?
hashcat -m 14000 0000000000000000:11111111?b?b?b?b -i -o cracked.txt -a 3 -1 ./hashcat-3.40/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 3
Posts: 5,185
Threads: 230
Joined: Apr 2010
No, this is not supported. Also you'd end up with 2^(32-8) possible passwords, which is surely not what you want.
Posts: 6
Threads: 2
Joined: Mar 2017
04-29-2017, 06:09 AM
(This post was last modified: 04-29-2017, 06:23 AM by al1984.)
I am also looking for something similar, but I know the cipher text, but only 3 bytes out of 8 bytes of the plaintext.
Can something be implemented for this in the next version of hashcat? (To exhaust all of the keyspace of DES, and give you all of the possible keys that correspond to the match of the known cipher text with the partial known plain text)
Posts: 18
Threads: 3
Joined: Dec 2015
You don't have enough information to be able to recover a key.
Put simply, if you only know the first three bytes of the ciphertext, then that leaves 5 bytes unknown, which leaves up to (2^40) = 1,099,511,627,776 possible combinations.
In the example in the first post, there are 8 hex chars missing, which gives 16 bits of unknown information, or (2^32) potential candidates which equals 4,294,967,296 possibilities.
