Which Hashcat -m hash type code corresponds to salted SHA512 (sha512crypt)?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which Hashcat -m hash type code corresponds to salted SHA512 (sha512crypt)?

Explanation:
Hashcat uses mode numbers to identify the exact hash algorithm to crack. For salted SHA-512 crypt, the format commonly seen on Linux systems (the $6$ prefix in /etc/shadow) is recognized by the mode that specifically implements sha512crypt. That mode is 1800. It knows how to parse the embedded salt and the iteration count, and it performs the sha512crypt calculation for each candidate password to compare against the target hash. The setup with sha512crypt includes salt and many rounds (default around 5000), which is why this particular mode is needed—to correctly interpret the hash structure and reproduce the hashing process to test guesses. Other mode numbers correspond to different hash families, so they won’t correctly process a sha512crypt hash.

Hashcat uses mode numbers to identify the exact hash algorithm to crack. For salted SHA-512 crypt, the format commonly seen on Linux systems (the $6$ prefix in /etc/shadow) is recognized by the mode that specifically implements sha512crypt. That mode is 1800. It knows how to parse the embedded salt and the iteration count, and it performs the sha512crypt calculation for each candidate password to compare against the target hash.

The setup with sha512crypt includes salt and many rounds (default around 5000), which is why this particular mode is needed—to correctly interpret the hash structure and reproduce the hashing process to test guesses. Other mode numbers correspond to different hash families, so they won’t correctly process a sha512crypt hash.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy