Quantcast
Channel: hashcat Forum - All Forums
Viewing all articles
Browse latest Browse all 7673

HMAC-SHA1

$
0
0
Hi all,
I'm doing an ethical hacking activity and I want to test if developers used a good or bad "secret" for cookie signing.
The software is made with mojolicious that signs his cookie using HMAC-SHA1.

The problem is that the smaller signed cookie I can get from the application is 72 char long!
Using HMAC-SHA1 (150) and giving HASH:cookie (I need to "crack" the key) results in a "Line-length exception".

Am I doing something wrong? The hashcat limitation is something related to the gpu implementation or just a sanity check with passwords in mind?
HMAC is message authentication algo, it sound strange for me that it's impossible to brute a 72 char long text!

Anyone have a good advice for me?
Thank you in advance
Paolo

Viewing all articles
Browse latest Browse all 7673

Trending Articles