12-04-2015, 10:28 AM
12-04-2015, 11:16 AM
No. TEA is a block cipher, and hashcat targets hash algorithms. See also https://hashcat.net/forum/thread-4874-po...l#pid27356
12-04-2015, 05:47 PM
Indeed it is a block cipher, with 128bit key, which works on 64bit blocks.
Given one scenario where its not used for streams (memory, files), but only one block, to find the key then the difference between hash and crypto is not much.
Given one scenario where its not used for streams (memory, files), but only one block, to find the key then the difference between hash and crypto is not much.
12-04-2015, 09:20 PM
Sure, provided there's a KDF involved. Is it?
12-05-2015, 07:06 PM
In the system Im looking at, the assumption is that TEA is used as a KDF. We call it a pwdgen
pwd = tea(Secret key, unique bytes)
btw doesn't hashcat support DES and other cryptos?...
pwd = tea(Secret key, unique bytes)
btw doesn't hashcat support DES and other cryptos?...
12-05-2015, 07:37 PM
No, Hashcat doesn't support cracking DES encryption. But it does support some password hashing algorithms which incorporate DES (descrypt, LM hash, etc.) Hashcat does support some popular encrypted filetypes (Office, PDF, RAR, 7z, etc.) but these are algorithms which run the password through a KDF to derive an encryption key, and we attack the KDF, not the crypto algorithm.
Hashcat is open source now, so if this is important to you, you can add it yourself
Hashcat is open source now, so if this is important to you, you can add it yourself
12-05-2015, 09:15 PM
(12-05-2015, 07:06 PM)iceman Wrote: [ -> ]In the system Im looking at, the assumption is that TEA is used as a KDF. We call it a pwdgen
pwd = tea(Secret key, unique bytes)
And the "Secret key" is a password chosen by a human? If not, there's nothing to attack: You obviously can't brute-force a 128-bit key.
12-15-2015, 02:14 PM
Yes, I did notice that Hashcat went open source.
But I'm curious, how does the KDF for descrypt look like? I mean algorithmwise.
But I'm curious, how does the KDF for descrypt look like? I mean algorithmwise.
12-17-2015, 12:46 AM
DEScrypt's KDF is among the weakest out there: The password is truncated to eight characters, and all characters have their 8th bit stripped. That leaves us with a 56-bit DES key.