Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'd try to bruteforce X (to match the hash), not RC4 at first (though it may be easier)

PBKDF2 is SHA-1 and 4096 rounds, this shouldn't be impossible

Bonus points if you use FPGAs to calculate MD5s



The question is how large that search space is. If you can get a reliable list of directory names and file names then it might be small, but if you are left iterating characters in filenames (and this appears to be Unicode) then I'd imagine you'd run into the same situation.

I'd be much more tempted to look at the fact that the first four bytes of the RC4 key stream appear to be recoverable and look at key recovery from that.


PBKDF2 uses a hash function which need not be SHA-1 and applies it a variable number of rounds with a recommended minimum of 1000.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: