Very nice and informative explanation, PowerGlove. I would give you some more merits for it if only I had more sMerits left (I prefer to keep at least about 10+ or so to be able to give them when I stumble over really merit worthy posts, um, like yours).

Anyway, you're probably one of few with highest merits/posts ratio.

I was always interested how this works. AFAIR, you can do the exhaustive hash crunching with tools like Hashcat and John the Ripper. They have it as a defined method of cracking implemented. I read about it, but never used it myself so far (didn't have to). So it's really nice to have some details explained by you.

If I don't mix things up, both tools had some tools scripts to extract the data portion (encrypted mkey, salt, iteration count) you've described. I will remember your post, once I will have to tackle such a cracking problem.

BTW, great suggestion to always check with a known challenge if a cracking procedure will actually be able to find a correct result! You don't want to spend time and energy with a flawed cracking recipe or the wrong (buggy) tools.


It's up to OP what he makes of it.