Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: HMAC-SHA1(key=SHA1(password), data=salt)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello

I have a set of passwords that are first Hashed with SHA-1, which is then used as a HMAC-SHA1 key with a salt message.

HMAC-SHA1(key=SHA1(password), data=salt)

I know hashcat supports SHA1 and HMAC-SHA1 but I can't seem to find out how to combine these methods in hashcat. Any help?

If for some reason this is not possible in hashcat, can anyone recommend any other cracking tool which would allow me to crack these passwords, or provide any hints to rolling my own software (if necessary)? I am determined to get these passwords..
I'd say it's -m 150, but I may be wrong.
Can you get a password, say, 12345, into the system and extract the corresponding hash?
That way you'll know for sure whether it's -m 150 or -m 160.
No, hashcat does not support this exact combination.
You can run your wordlists through a sha1 converter and then use the result as dictionary in combinations with -m 150 and -m 160.