DS2432 brute force

[Coragem]

Hello all,
I've been reading these forums quite a lot and I believe I already know the answer to my question, but I'll ask it anyways.

I'm trying to find out what's the password recorded in a DS2432 chip. It's just a memory chip from Dallas Semiconductor / Maxim-IC that requires you to send the SHA-1 hash of it's password to record data in it. I logged the communication of a certain machine with this chip, and it shows several hashes of the correct password.

The problem is this: The password is 8 bytes long, from 00h to FFh. And it's salted with 56 additional bytes. So, it's a hash of 64 bytes total. I know the 56 salt bytes. I just need to find out the 8 password bytes.

Now, researching about this, I can imagine this will take several trillion years to brute force, correct? And also, a hash of 64 bytes... is it even possible to brute force the 8 password bytes out of it? Even if I know the salt bytes?

Thanks in advance, and thanks also for the great program!

[undeath]

a sha1 hash consists of 20 bytes so whatever you have there does not seem to be a sha1 hash at all. Actually I have never heard of a hash consisting of 8 bytes. (if your salt consists of 56 bytes it doesn't extend the hash value!) To do anything with this data you need to know what algorithm is used.

[Coragem]

No no, sorry, the hash is 20 bytes (160 bits). When I said "a hash of 64 bytes" I meant that it's a hash made from encrypting 64 bytes using SHA-1.

It is SHA-1 indeed. The 20-byte hash is made from 8 password bytes and 56 salt bytes.

[undeath]

as long as you expect the password to only consist of valid ascii characters with no specials or control characters the password should be bruteforced within some days using a recent gpu. But if you expect it to consists of full range UTF-8 characters (which is unlikely for normal passwords) you might not need the password anymore after is has been recovered

Only problem is oclhashcat-lite only supporting passwords up to 55 chars (bytes). So you will need to use some other gpu based hash cracker for this job. (which will not be as fast as hashcat)

[atom]

well, not trillion years to brute-force. more like 180 years on a hd5970. 256^8 is big, but sha1 is computed pretty fast (3200M/s). also note that if your plaintext is of size 64 its required to do an additional sha1 transform. in best case, this lowers speed to 1600M/s.

[Coragem]

Yes, unfortunately the password is in the full range from 00h to 0FFh. It's not a user-entered password. The machine generates it based on the chip's 64-bit serial number and it's own internal logic.

And even if I got the password, I'd have to reverse-engineer how it was made based on the chip's 64-bit serial number, which probably means that I'd need more than 1 password. So...