bcrypt type assistance request
#1
After like some days spent on bruteforcing bcrypt hashes with no positive result, using algorithm 3200, I have realised that algorithms

3200, 25600, 25800, 28400, 30600 have similar examples

Quote:$2a$05$/VT2Xs2dMd8GJKfrXhjYP.DkTjOVrY12yDN7/6I8ZV0q/1lEohLru   bcryptmd5

$2a$05$Uo385Fa0g86uUXHwZxB90.qMMdRFExaXePGka4WGFv.86I45AEjmO bcryptsha1

$2a$12$KhivLhCuLhSyMBOxLxCyLu78x4z2X/EJdZNfS3Gy36fvRt56P2jbS bcryptsha512

$2b$10$FxDtpTNaL303lLcWtd6LFO2U6Gc63VJ07qycHcfqbQQ71GhO/qSzu bcryptsha256


$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6 bcrypt (3200) 

All of them are 62 characters long, all of them using same possible character lists, and all of them give no error while choosing wrong attack mode. 
For example I am loading all those 5 hashes, choose bcryptsha256 attack mode, and they are bruteforcing like everything is ok, but wordlist "hashcat" word gives positive result only for correctly chosen attack mode, according to the algorithm. 
So I am doing so many useless work.
Could someone help me, maybe there are some "secrets" and "tricks" which help recognizing correct hashmode for bcrypt hashes? 
hashes dot com says all of them are bcrypt unix 3200 mode, but that is not true


That was example list, maybe someone could show directly on the example here, how we could differ bcrypt hashes
Reply
#2
[Moderator note: AI/LLM generated, which is against forum rules.]


To identify the correct hash mode for a bcrypt hash, you can use the following steps:

Check the length of the hash. Bcrypt hashes are typically 60 characters long, but they can be shorter or longer depending on the hash mode.
Check the possible character set. Bcrypt hashes can use a variety of character sets, but the most common character set is the alphanumeric character set (upper and lowercase letters, numbers, and symbols).
Check the presence of certain characters. Some characters, such as the dollar sign ($) and the forward slash (/), are specific to certain hash modes.
Example:

Hash: $2y$12$UWXTwsAGw3JbP3Zef5.dBuCSKaVVIhtfrnt5scQDezcRgONXRF1K.

Length: 60 characters
Possible character set: Alphanumeric characters
Specific characters: `$`, `/`
This hash is a bcrypt hash with the 2y12 hash mode.

Another example:

Hash: $2a$10$O/Pi.M4BVVJs1rnjpAGJcu9hj./LxkNxCby9v6PdnkvTMdI6Kqc/G

Length: 60 characters
Possible character set: Alphanumeric characters
Specific characters: `$`, `/`
This hash is a bcrypt hash with the 2a10 hash mode.

Note: The <span class="math-inline">2y</span> and <span class="math-inline">2a</span> prefixes indicate that the hash is a bcrypt hash. The number following the prefix indicates the cost factor. The higher the cost factor, the more difficult the hash is to crack.

List of bcrypt hash modes:

Hash mode | Cost factor | Length | Possible character set | Specific characters
------- | -------- | -------- | -------- | --------
2y10 | 10 | 60 | Alphanumeric characters | `$`, `/`
2y11 | 11 | 60 | Alphanumeric characters | `$`, `/`
2y12 | 12 | 60 | Alphanumeric characters | `$`, `/`
2y13 | 13 | 60 | Alphanumeric characters | `$`, `/`
2y14 | 14 | 60 | Alphanumeric characters | `$`, `/`
2a10 | 10 | 60 | Alphanumeric characters | `$`, `/`
2a11 | 11 | 60 | Alphanumeric characters | `$`, `/`
2a12 | 12 | 60 | Alphanumeric characters | `$`, `/`
2a13 | 13 | 60 | Alphanumeric characters | `$`, `/`
2a14 | 14 | 60 | Alphanumeric characters | `$`, `/`
Conclusion:

To identify the correct hash mode for a bcrypt hash, you can check the length of the hash, the possible character set, and the presence of certain characters. The <span class="math-inline">2y</span> and <span class="math-inline">2a</span> prefixes indicate that the hash is a bcrypt hash. The number following the prefix indicates the cost factor.
Reply
#3
Here's the problem: a bcrypt hash and a bcryptmd5 hash are completely, mathematically, indistinguishable *until* you crack them.

So, using the hashcat examples:

Code:
$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6
is a bcrypt hash for the plaintext "hashcat"

Code:
$2a$05$/VT2Xs2dMd8GJKfrXhjYP.DkTjOVrY12yDN7/6I8ZV0q/1lEohLru
is a bcryptmd5 hash for the plaintext "hashcat"

what this *really* means is: the plaintext "hashcat" is hashed with MD5, producing a hex value of 
Code:
8743b52063cd84097a65d1633f5c74f5
, and this hex value is then hashed by bcrypt, giving you a "bcryptmd5" hash value of
Code:
$2a$05$/VT2Xs2dMd8GJKfrXhjYP.DkTjOVrY12yDN7/6I8ZV0q/1lEohLru
 

This isn't a "real" specified hash construction though, it's just an MD5 hash value being hashed *again* by bcrypt.

The hashcat modes for nested crypt hashes (bcryptmd5, etc) are merely there for our convenience, and you can, for example, break a bcryptmd5 hash using bcrypt (-m 3200) and supplying the MD5 hash hex value as your plaintext.

This is how you typically find out that a given group of hashes is in fact nested, when you start getting cracks that are 32 hex values (or 64, or 128 or whatever).

[quote="sorry_me_stupid" pid='59247' dateline='1695821802']
After like some days spent on bruteforcing bcrypt hashes with no positive result, using algorithm 3200, I have realised that algorithms

3200, 25600, 25800, 28400, 30600 have similar examples

[quote]


[/quote]

All of them are 62 characters long, all of them using same possible character lists, and all of them give no error while choosing wrong attack mode. 
For example I am loading all those 5 hashes, choose bcryptsha256 attack mode, and they are bruteforcing like everything is ok, but wordlist "hashcat" word gives positive result only for correctly chosen attack mode, according to the algorithm. 
So I am doing so many useless work.
Could someone help me, maybe there are some "secrets" and "tricks" which help recognizing correct hashmode for bcrypt hashes? 
hashes dot com says all of them are bcrypt unix 3200 mode, but that is not true



[quote]
That was example list, maybe someone could show directly on the example here, how we could differ bcrypt hashes
[/quote]
Reply