precompute bcrypt hashes
#1
Hi


I have a case in which i want to precompute a set of bcrypt hashes with a high difficulty.

I tried a ton of cpu based implementations and it is not comparable with the cracking throughput of hashcat on nvidia.

However I am missing the option to precompute a hashlist instead of cracking it with existing hashes. 

I guess it isnt possible with hashcat since rainbow tables are a thing of the past?

If thats the case can someone please reference me to a opencl or cuda implementation of a bcrypt digest.

Is it possible to port it from the hashcat codebase?

Would also be interested in hiring a freelancer to help with it.

Thanks!
Reply
#2
undeath edit: removed completely unnecessary quote

bcrypt has a salt which is designed to make it infeasible to precompute look up tables... ie. you don't know what the random salt is for the target system. Therefore you'd need to calculate the brcrypt hash for all possible salts?  

Now I certainly have seen systems where all password hashes use the same salt, but... they're fortunately rare.
Reply
#3
Hi

I am totally aware of that. I am not trying to use a rainbow table but brute force a deterministic salt next to known password. I also am not trying to hack a traditional password database but use this as part of a ecdsa key derivation method that needs recoverability.

Thanks
Reply
#4
You want to precompute high cost bcrypt hashes to.... use with ecdsa? I'm not sure i understand the point of this but I can probably help you.
Reply
#5
cool thanks Ill reach out with PM
Reply
#6
Still looking for someone. Help would be really appreciated and ideally I find a freelancer already familiar with hashcat.
Reply
#7
I added a bounty for it on freelancer.com

https://www.freelancer.com/projects/open...cl/details

looking forward to work with one of you!
Reply
#8
so you are trying to build some kind of a rainbow table in 2k20 ?

the problem that you might be also completely ignoring is that I/O (disk etc) is very slow (https://en.wikipedia.org/wiki/File:Compu...rarchy.svg, https://www.formulusblack.com/wp-content....22-PM.png).... so you must be very sure that you are doing it right with when and how often you flush the output to NVM SSD hopefully or ramdisk ... it could be the bottleneck even for some very higher cost factors.
Reply
#9
Hi thanks for your interest!

low disk io is fine I know there is a maximum of 9 mio results and the average will be about 90000 results

also the heavy duty is in the bcrypt rounds since it will be a cost factor of 17. I expect a 1080ti card to create 1 hash every 250 ms

Thanks!
Reply
#10
if you really think that the time (printing etc) is no problem, you could just easily add a printf () statement in the comp () kernel to print the computed digest and call it a day. no need to do any fancy project or pay somebody to do a freelance job etc.
Reply