bcrypt hash with salt
#1
Hello, I am new to hashcat and after searching for a little bit I am not able to locate the syntax I would need to get the answer I am looking for.

I believe the hash name is bcrypt.

I have a hash that starts with the following $2y$12$....(60 total characters) and I have a salt which ends with == but has 32 characters.

the syntax used is
hashcat64.exe -a 0 -m 3200 $2y$12$.....

I then get an error message of "timeout in stdin mode".

any help would be appreciated.
#2
https://hashcat.net/forum/thread-7686.ht...ight=stdin
#3
Read help/wiki/usage.
You missed something to do (dictionary attack? mask? etc.), that's why hashcat is waiting for your input in stdin.
#4
Thank you for your response,

If I would like to brute force attack this hashed password, what command structure would I use?
-I know nothing about the length or characters used. upper/lower case, special character, numbers

if I use the following command hashcat -m 3200  -a 3 -1 ?a hashes.txt ?1?1?1?1?1?1?1?1?1?1

-m 3200 bcrypt encryption
-a 3 brute force
-1 pattern ?a = upper/lower, special characters and numbers
hashes.txt is my file with the hashes

I get the following message
integer overflow detected in keyspace of mask: ?1?1?1?1?1?1?1?1?1?1?1?1

How do I brute force the password if I don't know the length or characters used, but I do have the salt used?
#5
brute-forcing bcrypt is not feasible.
#6
Just to confirm, if I have the hash $2y$12$... and the salt I am not able to decrypt bcrypt?
#7
Hashing is not encryption. You cannot decrypt a hash. There is no guaranteed way ever to crack a hash. I'm not saying you cannot crack bcrypt. But brute-force is not feasible.
#8
What's your GPU card?
Do some math. Assuming you have a GTX 1080 Ti, you will try ~23'000 passwords per second.
You said "I don't know the length or characters used".
Assuming mixalpha+digits => 62 characters
62 at length 5 will take 11 hours to bruteforce. You can do it.
62 at length 6 will take 28 days to bruteforce. You still can do it.
62 at length 7 will take ~5 years to bruteforce. Good luck.

Quote: But brute-force is not feasible.
+1
#9
(11-23-2018, 12:14 AM)Mem5 Wrote: Assuming you have a GTX 1080 Ti, you will try ~23'000 passwords per second.

With cost factor 12? I think you're being a little too optimistic :D
#10
Heh yeah, 23 KH/s is for cost of 5. At cost 12 the speed is 2^7 times slower at roughly 179 H/s.
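
Added example, not part of any post in this thread: a short Python script that reads the cost factor and the embedded 22-character salt out of a 60-character bcrypt string, rescales the 23 kH/s cost-5 figure quoted above to that cost, and works out exhaustive-search times and mask keyspace sizes. The sample hash is a constructed placeholder, and the 64-bit keyspace limit is an assumption used to illustrate the "integer overflow" message.

```python
import re

# Modular-crypt layout of bcrypt: $2<variant>$<cost>$<22-char salt><31-char digest> = 60 chars.
BCRYPT_RE = re.compile(r"\$2([abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
U64_MAX = 2**64 - 1  # assumption: the mask keyspace is held in an unsigned 64-bit counter

# Constructed placeholder string, not a real hash from the thread.
SAMPLE_HASH = "$2y$12$" + "A" * 22 + "B" * 31


def parse_bcrypt(hash_str):
    """Return variant, cost, embedded salt and digest of a bcrypt string, or raise ValueError."""
    m = BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a 60-character bcrypt string")
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {"variant": "2" + variant, "cost": cost, "salt": salt, "digest": digest}


def scaled_rate(bench_rate, bench_cost, cost):
    """Each cost step doubles the work, so the guess rate halves per step."""
    return bench_rate / 2 ** (cost - bench_cost)


def keyspace(charset_size, length):
    """Number of candidates of exactly this length."""
    return charset_size ** length


def exhaust_seconds(charset_size, length, rate):
    """Worst-case time to try every candidate of exactly this length."""
    return keyspace(charset_size, length) / rate


if __name__ == "__main__":
    info = parse_bcrypt(SAMPLE_HASH)
    rate = scaled_rate(23000, 5, info["cost"])  # 23 kH/s at cost 5, figure from the thread
    print(f"cost {info['cost']}, embedded salt {info['salt']}, ~{rate:.0f} H/s")
    for length in (5, 6, 7):  # 62 = mixalpha + digits, as in post #8
        days = exhaust_seconds(62, length, rate) / 86400
        print(f"62^{length}: {days:,.0f} days at cost {info['cost']}")
    for n in (9, 10, 12):  # 95 = size of hashcat's ?a charset
        print(f"95^{n} fits in 64 bits: {keyspace(95, n) <= U64_MAX}")
```
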