DES-ECB

[Davidi74]

Hi,

I'm trying to test decrypting a DES-ECB hash.

I use a tool to encrypt 0000000000000000 with the key of 000000000000cccc giving the cypher text of 5c3278aafe9127de.

When I run hashcat with the following command

hashcat -a 3 -m 14000 test.hash -1 charsets/DES_full.charset --hex-charset 000000000000?1?1 -D 1

I get.....

Session..........: hashcat
Status...........: Cracked
Hash.Type........: DES (PT = $salt, key = $pass)
Hash.Target......: 5c3278aafe9127de:0000000000000000
Time.Started.....: Wed Apr 22 07:31:14 2020 (0 secs)
Time.Estimated...: Wed Apr 22 07:31:14 2020 (0 secs)
Guess.Mask.......: 000000000000?1?1 [14]
Guess.Charset....: -1 charsets/DES_full.charset, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........:    83194 H/s (11.86ms) @ Accel:128 Loops:1024 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 13312/16384 (81.25%)
Rejected.........: 0/13312 (0.00%)
Restore.Point....: 12288/16384 (75.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1024
Candidates.#2....: $HEX[00000000000001c1] -> $HEX[000000000000fece]

Started: Wed Apr 22 07:31:13 2020
Stopped: Wed Apr 22 07:31:15 2020

C:\HashCat>hashcat64 -a 3 -m 14000 test.hash -1 charsets/DES_full.charset --hex-charset 000000000000?1?1 -D 1 --show
5c3278aafe9127de:0000000000000000:$HEX[000000000000cdcd]


It seems to be the wrong key!

[undeath]

That's because DES operates on 7 bits only. Both keys are valid.

[Davidi74]

That's because DES operates on 7 bits only. Both keys are valid.

Thanks heaps for your reply. Thats what I thought, but when I try it with the smaller key I get


Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8

....

Skipping mask '0000000000?1?1' because it is smaller than the minimum password length.

Thanks heaps for your time on this...

[undeath]

bits != bytes

[Davidi74]

bits != bytes

Sorry, I don't follow

I thought 7 bytes=56 bits for the key

[hops]

In DES the least significant bit of each key byte is used as parity bit and does not affect the en-/decryption process.
0xcc in binary is 11001100 while 0xcd is 11001101. Only the last bit (least significant bit) is different and therefore both produce the same result.

Edit: DES keys are still being provided with 64 bits but 8 of them are ignored making the effective key size 56 bits.

[Davidi74]

In DES the least significant bit of each key byte is used as parity bit and does not affect the en-/decryption process.
0xcc in binary is 11001100 while 0xcd is 11001101. Only the last bit (least significant bit) is different and therefore both produce the same result.

Edit: DES keys are still being provided with 64 bits but 8 of them are ignored making the effective key size 56 bits.

Thanks so much.

Is that why we need a special character set for DES, because with only 7 bits, it cant make the full 00-FF?

[undeath]

The DES character set is simply cutting the keyspace. If you were using ?b you'd brute-force the unused bit as well.