fixes #2457: added -m 23100 = Apple Keychain #2472
Merged
This PR adds a new hash type: -m 23100 = Apple Keychain.
The format details are explained here: #2457 (comment)
An example hash is this (password "hashcat" without quotes):
It basically uses PBKDF2-HMAC-SHA1 with 1000 iterations and a digest output length of 24 bytes, and it decrypts a data buffer with 3DES to check for a specific padding.
The only problem here is that the fixed-size padding is only 4 bytes long (\x04\x04\x04\x04) and this is the only way to verify the correctness of the password (the remaining bytes of the decrypted data are random key bytes, the file encryption key).
I suggest (as mentioned in #2457) to use this format with --keep-guessing, otherwise you might risk seeing a lot of false positives (collisions).
Thank you
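The false-positive concern in the description above can be put in numbers. This is an added example, not code from the PR or from hashcat. It assumes a wrong key decrypts to effectively random bytes and uses truncated HMAC-SHA1 as a labelled stand-in for the 3DES step (the Python standard library has no 3DES); all function names and sample inputs are constructed for illustration.

```python
import hashlib
import hmac
import math

PAD = b"\x04\x04\x04\x04"   # fixed padding the PR says is checked
ITERATIONS = 1000           # PBKDF2-HMAC-SHA1 iterations, from the PR
KEY_LEN = 24                # digest output length in bytes, from the PR

def derive_key(password: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA1 with the parameters stated in the PR."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, ITERATIONS, KEY_LEN)

def standin_decrypt_tail(key: bytes, ciphertext: bytes) -> bytes:
    """Stand-in for the final decrypted 3DES block (assumption, not 3DES):
    8 pseudorandom bytes that depend on the key, as a wrong key would give."""
    return hmac.new(key, ciphertext, hashlib.sha1).digest()[:8]

def padding_ok(tail: bytes, check_len: int = len(PAD)) -> bool:
    """Accept a candidate when the last check_len bytes equal the padding."""
    return tail[-check_len:] == PAD[:check_len]

def expected_false_positives(candidates: int, check_len: int = len(PAD)) -> float:
    """Each wrong key passes with probability 256**-check_len."""
    return candidates / 256 ** check_len

def p_any_false_positive(candidates: int, check_len: int = len(PAD)) -> float:
    """Probability that at least one wrong candidate passes the check."""
    p = 256.0 ** -check_len
    return -math.expm1(candidates * math.log1p(-p))

def simulate(candidates: int, check_len: int, salt: bytes, ct: bytes) -> int:
    """Count wrong passwords that pass a shortened check (constructed inputs)."""
    hits = 0
    for i in range(candidates):
        key = derive_key(b"wrong-%d" % i, salt)
        hits += padding_ok(standin_decrypt_tail(key, ct), check_len)
    return hits

if __name__ == "__main__":
    # Constructed sample values; they do not reflect the real keychain layout.
    salt, ct = bytes(20), bytes(range(48))
    print("1-byte check, 3000 wrong guesses:", simulate(3000, 1, salt, ct))
    for n in (10**6, 2**32, 10**12):
        print(n, expected_false_positives(n), round(p_any_false_positive(n), 4))
```

With the full 4-byte check, one wrong candidate in about 2^32 passes, so a large keyspace is expected to produce matches that are not the real password, which is why the description recommends --keep-guessing.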