Hello Community,
Currently I'm trying to brute force a 7-zip file, the thing is that when I got a hash from a file I locked by myself the hash was really really long compared to the file I'm trying to crack.
Same for the hashcat hash 7zip example, the hash I'm trying to crack is like 4 times shorter.
Will it still be the correct hash or may it be with some other encryption?
Thanks.
I'm guessing that you used 7z2hashcat to extract the "hash"... well generally I would assume that whenever 7z2hashcat extracts a valid hash and hashcat can load it, you shouldn't worry about the correctness of the hash.
If you really want you can still try to understand the information mentioned here
https://github.com/philsmd/7z2hashcat#ex...ash-format about the output format. As you might guess, if the hash had to be "truncated" ($7z$128$... ), the hash of course could be smaller than "normally".
Unfortunately, there is no such thing as a "normal" size for the output, it all depends on the data itself (e.g. the length used for the crc32 checksum of the first file)... (and as mentioned above it also depends whether it could/had to be truncated ... and if it was compressed heavily).
As you can see, there are many factors that come into play... but I wouldn't worry too much.
BTW: if you really want, you could try to provide more information about the steps you did (how you extracted the "hash") and how the first few fields of your "hash" look like (e.g. whether it was truncated or not, remember: do not post hashes here! In this case the only intresting parts would be e.g. the outputted total hash length, file size and first few fields) ... but honestly I wouldn't worry too much if 7z2hashcat successfully managed to extract the "hash"
That answers my questions! I indeed used the 7z2hashcat to get the hash. It starts with $7z$128$19$0$$16$, so yeah it's correct. I just wanted to be sure it extracted in the right way.
Thanks for your reply!