Any one know this PASSWORD hash?

Is there anyone know this hash of password:

password":“qFmq4+ss2iKcUs7clYpYMphNLQHKq7wkhwOtQw+9o1s=

i see that’s sha256 and i didnt got the value of IV and Secret key


const derivedkey = await this.driver.deriveKey({
name: “PBKDF2”,
salt: salt
? ArweaveUtils.stringToBuffer(salt)
: ArweaveUtils.stringToBuffer(“salt”),
iterations: 100000,
hash: “SHA-256”,
}, initialKey, {
name: “AES-CBC”,
length: 256,
}, false, [“encrypt”, “decrypt”]);
const iv = new Uint8Array(16);
crypto.getRandomValues(iv);
const encryptedData = await this.driver.encrypt({
name: “AES-CBC”,
iv: iv,
}, derivedkey, data);
return ArweaveUtils.concatBuffers([iv, encryptedData]);
}
async decrypt(encrypted, key, salt) {
const initialKey = await this.driver.importKey(“raw”, typeof key == “string” ? ArweaveUtils.stringToBuffer(key) : key, {
name: “PBKDF2”,
length: 32,
}, false, [“deriveKey”]);
// const salt = ArweaveUtils.stringToBuffer(“pepper”);
const derivedkey = await this.driver.deriveKey({
name: “PBKDF2”,
salt: salt
? ArweaveUtils.stringToBuffer(salt)
: ArweaveUtils.stringToBuffer(“salt”),
iterations: 100000,
hash: “SHA-256”,
}, initialKey, {
name: “AES-CBC”,
length: 256,
}, false, [“encrypt”, “decrypt”]);
const iv = encrypted.slice(0, 16);
const data = await this.driver.decrypt({
name: “AES-CBC”,
iv: iv,
}, derivedkey, encrypted.slice(16));
// We’re just using concat to convert from an array buffer to uint8array
return ArweaveUtils.concatBuffers([data]);

THE PROBLEM THE RANDOM SALT IT GIVE ME RANDOM EVERY CHECK
BUT IN THE WEBSITE I TYPED THE PASSWORD 4 TIMES, AND GIVED ME THE SAME VALUE.

AND ‘SALT VALUE’ I DIDNT KNOW WHERE IS IT TO STOP GENERATING RANDOM ENCRYPTED PASSWORDS.

AND I THING THIS SCRIPT USED PBKDF, after that has used AES CBC encryption! i dont kow


It required only 2 http request

  • Pre-login
  • Login

1

2

3

In the (pre-login) he get only the email, with a response of: ‘{“kdf”:null,“kdfIterations”:null,“version”:4}’

And in the (login) he get the email, encrypted password, fingerprint …etc

i need to know also, is the pre-login required to get the email as salt and to get it encrypted or what ??

I don’t think that is allowed here, its not a cracking forum!

1 Like

no im just asking for how to get the hash