PBKDF2 and SHA-1 question ilya980 Junior Member Posts: 8 Threads: 3 Joined: Dec 2016 04-06-2019, 10:49 PM Hi, Could you please help me sort out how to properly compute PMKID? I recorded the hash with hcxdumptool and converted with hcxpcaptool. I have a code that computes SHA-1 hash as a function of key (char) and message (char). I want to calculate PMKID (the first string in the file) using the SHA-1 code. This thread https://hashcat.net/forum/thread-7717.html says that  1) PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA) 2) PMK= PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256) Should I compute PMK by iterating SHA-1 calculation 4096 times? How do I choose the block size? What is ssid? Is it ESSID of the AP? Should the ssid input be converted to HEX? Also, the output of SHA-1 is 40 hex digits long. How do I make it 256 bytes long? For the PMKID calculation, do I use PMK in hex as input? What is the second argument?  Thanks. philsmd I'm phil Posts: 2,267 Threads: 16 Joined: Feb 2013 04-06-2019, 10:58 PM https://github.com/hashcat/hashcat/blob/...pm#L40-L58 256 bits are 32 bytes (32 * 8 = 256) ZerBea Moderator Posts: 1,015 Threads: 2 Joined: Jun 2017 04-07-2019, 11:18 AM (This post was last modified: 04-07-2019, 11:32 AM by ZerBea.) if you include openssl: #include #include #include PMK is calculated by: PKCS5_PBKDF2_HMAC((const char*)psk, psklen, (unsigned char*)essid,  essidlen, 4096, EVP_sha1(), 32, pmk) successfull if result > 0 PMKID is calculated by: HMAC(EVP_sha1(), pmk, 32, salt, 20, pmkid, NULL); successfull if result > 0 and the salt is calculated by: char *pmkname = "PMK Name"; uint8_t salt[32]; memcpy(&salt, pmkname, 8); memcpy(&salt[8], mac_ap, 6); memcpy(&salt[14], mac_sta, 6); That's all. ilya980 Junior Member Posts: 8 Threads: 3 Joined: Dec 2016 04-09-2019, 05:16 AM I want to simulate this calculation in MATLAB. Do you know if MATLAB scripts for this already exist? Is there a good algorithm description for PKCS5_PBKDF2_HMAC and HMAC functions? I have a HMAC-SHA1 function that computes a hash from the message and a key, but I don't understand whether it is useful. Also, hashcat (m16800) is doing it differently, using OpenCL, right? Thanks. ZerBea Moderator Posts: 1,015 Threads: 2 Joined: Jun 2017 04-09-2019, 08:40 AM You are right, hashcat is using OpnCl for both functions. The c code example should show that the functions are easy to implement in different coding languages like c, by adding cryptolibs. There are also java implementations: https://howtodoinjava.com/security/how-t...thHmacSHA1 For a simulation in MATLAB (I don't use it), you have to read the basics here: https://tools.ietf.org/html/rfc8018#page-11 Unfortunately this docs are not easy to understand. A good source is stackoverflow: https://stackoverflow.com/questions/2465...-hmac-sha1 Caster Junior Member Posts: 10 Threads: 4 Joined: Oct 2022 10-20-2022, 05:35 PM (04-07-2019, 11:18 AM)ZerBea Wrote: if you include openssl: #include #include #include PMK is calculated by: PKCS5_PBKDF2_HMAC((const char*)psk, psklen, (unsigned char*)essid,  essidlen, 4096, EVP_sha1(), 32, pmk) successfull if result > 0 PMKID is calculated by: HMAC(EVP_sha1(), pmk, 32, salt, 20, pmkid, NULL); successfull if result > 0 and the salt is calculated by: char *pmkname = "PMK Name"; uint8_t salt[32]; memcpy(&salt, pmkname, 8); memcpy(&salt[8], mac_ap, 6); memcpy(&salt[14], mac_sta, 6); That's all. but I am unable to get correct PMKID result. What I am doing wrong? see https://hashcat.net/forum/thread-11072.html « Next Oldest | Next Newest »