SHA1 and Hashcat

SHA1: Secure Hash Algorithm 1
Salt: Randomly generated number, “the password of password”
hashcat:  a free password recovery tool that comes with Kali Linux.

The latest time I saw SHA1 is with iPython. You can secure your IPython server by adding a password, where you can generate using the passwd() function and store that into your config file, more.


The generated hash is supposed to be in the format of `hash_algorithm:salt:passphrase_hash`. And we can see the salt is 12 characters long and the passphrase hash is 40 characters long.

Then I start thinking, can I use hashcat to recover my passcode if I forget the password? I first pass the hash code to hashid, which is an application that can give you a best guess which type of hash method the target is encrypted in. After I stripped off the salt, the hashid recognizes it should be SHA1, which is exactly the hash type how it was generated.

Then the next step is how to use hashcat to recover the code.

How hashcat works is you have to provision a list of passwords and a set of rules that hashcat need to follow, Then hashtag will leverage the computing power of GPU to quickly recover the password if the combo of initial list and rules will cover the target. To learn more about hashcat, here is a decent tutorial to get you started.

For the POC, I will just provide a list containing the password `datafireball` and use the straight attach mode.

Based on the documentation about hashcat here, I think salt:pass should be matched to 120, or at least one of 110, 120, 130 and 140. However, neither of them works and they all prompted the error: separator unmatched.


The interesting thing is after I switched the order of salt and phrase_hash, then the hashcat works using mode 110 (sha1($pass.$salt)).


Anyway, it is a fun time getting to know hashcat and sha1. Still need to figure out how the hashcode is generated using salt with password and looking forward knowing more about Kali Linux.

PyMOTW – Python Module of the Week

Have you ever realized there are tons of build in libraries come with Python? Have you realized that you only happen to know very few of them? Have you ever wanted to learn more about the rest but it turned out that the documentation is meaningless because you are a “handy” people because you want to see examples?

Doug has a website called where you can find the code examples for rarely used libraries, like this one about shlex (simple lexical analysis).

If you feel better holding a book in your hand, here is a book that you can buy.


Tutorialspoint – simply easy learning

Today I came across a Python library that I need to play around and learn how to use it, however, I am using my GF’s Windows desktop where Python interpreter is not installed at all, let alone any IDE.

That is where I came across Tutorialspoint. And they provided the functionality of online terminal and online IDE, which is called codingground

In my point of view, if you are really new to a certain area or programming language, this might be the easiest way to start writing your hello world example and gain some confidence 🙂


Learn Scala from the expert

If you have already decided to learn Scala, you had better well plan your time and study Scala in the right way.

Believe it or not, the designer of Scala – Martin Odersky actually have a whole series of tutorials on Coursera where you can learn Scala at your pace.

I watched the first video and my rating will be 5 out of 5.

The explanation if very clear and all the contents and software set up are fairly up2date. Generally, it is a fun time.

What I have done today:

(1) subscribe to the Scala class
(2) Installed Scala, Sbt, JDK8, Scala-Eclipse and typesafe on my Windows machine
(3) created my first scala object and the interactive Worksheet.
(4) Call-by-name and Call-by-value will have their own benefits in certain scenario.

Spark iPython notebook


1. spot instance
took me 20 minutes to start the cluster

2. hue
Dynamic Port forwarding

3. cluster group – master, core, task

#install anaconda python
mkdir ~/bwang
cd ~/bwang

for i in `seq 1987 2008`
wget “${i}.csv.bz2”

bzip2 -d *