How does hashcat figure out the SHA CRYPT ROUNDS on a Linux password
A part of my /etc/login.defs file looks like this:
ENCRYPT_METHOD SHA512
# Define the number of SHA rounds.
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
SHA_CRYPT_MAX_ROUNDS 6000
From what I understand of this, is that the password will go through 6000 rounds of hash.
Now, when I used a tool like hashcat how do I tell it that the hash has gone through 'x' number of rounds.
I am able to use hashcat like so: hashcat -m 1800 -a 0 -o found.txt hash.txt rockyou.txt and it is still able to find it. Is it able to figure out the number of rounds by itself?
Edit: I just found out that the Linux box wasn't actually using 6000 rounds of hash, although I thought I had configured it to use 6000 rounds. Instead it was just 5000.
With some Python code, I was able to replicate the "SHA512" password encryption in Linux:
from passlib.hash import sha512_crypt
sha512_crypt.encrypt("testing123",rounds=6000,salt="6EGwX1iP")
The resulting hash is $6$rounds=6000$6EGwX1iP$oMerxGPimb/4ZXcI0Vbt87sNfw07eh7VPzcQwHOls8t3hLYGLQR0KjncrpyAjLTfPC3Fj7jhFoZKeuPRfTbJa/
This string of course has the number of rounds which can be passed to hashcat.
