
So I have a simple program which hashes all the values in a list of common passwords, then compares the hashes to a given hash value to crack the password.

However, it doesn't seem to work, as passwd_found is still false, and I believe it's the IF statement that's not working. Any help is appreciated.

    dic = []
    passwd_hash = '4297f44b13955235245b2497399d7a93'
    passwd_found = False

    for k in dic:
        md5hash = hashlib.md5(k.encode('utf-8'))
        print(md5hash.hexdigest())

    if passwd_hash in md5hash:
        passwd_found = True
    else:
        passwd_found = False
  • Is your indenting off? Commented Nov 21, 2017 at 18:04
  • md5hash will equal the hash of the last string in dic. Is that what you want? Commented Nov 21, 2017 at 18:05
  • @ChristianDean I want to see if passwd_hash matches any of the hashed values from the list Commented Nov 21, 2017 at 18:07
  • I would check if passwd_hash == md5hash:, since md5 will always produce a hash of the same length (true for pretty much any hash function). Commented Nov 22, 2017 at 19:19

1 Answer

I believe your indentation was off, and you need to use .hexdigest() in the comparison; otherwise, you get an error:

TypeError: argument of type '_hashlib.HASH' is not iterable

    import hashlib

    dic = ['123', '1234', '12345', '123456', '1234567', '12345678', 'password',
           'qwerty', 'abc', 'abcd', 'abc123', '111111', 'monkey', 'arsenal',
           'letmein', 'trustno1', 'dragon', 'baseball', 'superman', 'iloveyou',
           'starwars', 'montypython', 'cheese', '123123', 'football', 'batman']
    passwd_hash = '4297f44b13955235245b2497399d7a93'
    passwd_found = False

    for k in dic:
        md5hash = hashlib.md5(k.encode('utf-8'))
        t_hash = md5hash.hexdigest()
        print(t_hash)
        if passwd_hash in t_hash:
            passwd_found = True
        else:
            passwd_found = False
        if passwd_found:
            print(k)
    # 123123 matches

1 Comment

Also, since you're calling hexdigest() twice, it might be worthwhile storing both the hash and the digest to avoid duplicating finalizing the hash and then converting the digest to a hexadecimal representation. Also, you should probably check for brute equality, or brute equality of some slice, if the hash is padded for some reason (since the hash should always produce the same number of bytes).
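
The points raised in the answer and its comment (exact equality on a fixed-length digest, computing the digest once, and not letting a later miss reset the result), shown as an added example that is not part of the original thread. The names `find_password`, `substring_match` and `COMMON_PASSWORDS` are assumptions made here, and the wordlist is a constructed subset of the one in the answer.

```python
import hashlib
import re

# Constructed sample wordlist (a subset of the list in the answer above).
COMMON_PASSWORDS = ['123456', 'password', 'qwerty', 'letmein', '123123', 'batman']

_MD5_HEX = re.compile(r'[0-9a-f]{32}')


def find_password(target_hex, candidates):
    """Return the first candidate whose MD5 hex digest equals target_hex, else None."""
    target = target_hex.strip().lower()
    # An MD5 hex digest is always 32 hex characters; reject anything else so a
    # truncated or empty value cannot "match" the way a substring test would.
    if not _MD5_HEX.fullmatch(target):
        raise ValueError('expected a 32-character hexadecimal MD5 digest')
    for candidate in candidates:
        # Compute the hex digest once per candidate and reuse it.
        digest = hashlib.md5(candidate.encode('utf-8')).hexdigest()
        if digest == target:      # exact equality, not `in`
            return candidate      # stop here so a later miss cannot reset the result
    return None


def substring_match(target_hex, candidates):
    """The `in` comparison from the thread, kept to show its false positives."""
    return [c for c in candidates
            if target_hex in hashlib.md5(c.encode('utf-8')).hexdigest()]


if __name__ == '__main__':
    target = '4297f44b13955235245b2497399d7a93'    # hash from the question
    print(find_password(target, COMMON_PASSWORDS))
    # An empty target is a substring of every digest, so `in` reports every word.
    print(substring_match('', COMMON_PASSWORDS))
```

Returning from the loop on the first match replaces the `passwd_found` flag, and the length check makes a malformed target fail loudly instead of matching by accident.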