I'm in the process of building a program to bruteforce passwords using golang. The format of the password hashes are a md5 hash applied 1000x to the initial password and then that being used. (The code I show is only applying this 5x)
md5(md5(md5(md5(....(md5(password))))))
func hash(pw string) string {
hasher := md5.New()
data := []byte(pw)
fmt.Printf("Initial data: %s
", pw)
for i := 0; i < 5; i++ {
hasher.Reset()
hasher.Write(data)
sum := hasher.Sum(nil)
data = sum[:]
fmt.Printf("Iteration %x has the hash: %x
", i+1, data)
}
return hex.EncodeToString(data)
}
The result from this differs from what using the command line utility md5sum gives. My other attempt was to use, because this was stateless but I still start to deviate on the second round of hashing
sum := md5.Sum([]byte(data))
What is a good/successful way of achieving calculating this iterated hash?
Maybe I'm misunderstanding your question, but is this what you're looking for?
package main
import (
"crypto/md5"
"fmt"
"io"
)
func main() {
fmt.Printf("
result: %s", md5plus("123", 2))
}
func md5plus(text string, cost int) string {
for i := 0; i < cost; i++ {
fmt.Printf("Loop %d: %s", i+1, text)
hash := md5.New()
io.WriteString(hash, text)
text = fmt.Sprintf("%x", hash.Sum(nil))
fmt.Printf(" => %s
", text)
}
return text
}
https://play.golang.org/p/ri-5m3RZ_8v
I realize you're trying to reuse the hasher in your version, but to my understanding, that's not how the library is intended to be use. You write to it to compute single hashes, not rounds.