Note: This guide is for Mac OS X and Linux users. If you are using Windows on your home computer, follow this guide instead.

Step One—Create the RSA Key Pair

ssh-keygen -t rsa

Step Two—Store the Keys and Passphrase

Once you have entered the Gen Key command, you will get a few more questions:

Enter file in which to save the key (/demo/.ssh/id_rsa):

You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Enter passphrase (empty for no passphrase):

It’s up to you whether you want to use a passphrase The entire key generation process looks like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /demo/.ssh/id_rsa.
Your public key has been saved in /demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

The public key is now located in /demo/.ssh/id_rsa.pub The private key (identification) is now located in /demo/.ssh/id_rsa

Step Three—Copy the SSH Keys

透過  cat ~/.ssh/id_rsa.pub 就可以拿到公開的 key

再把內容都加入(append)到要被 ssh 連進去的 server 的 ~/.ssh/authorized_keys 檔案裡，就可以讓其他台電腦不用打密碼連進 ssh server 了。

相關文章：

保衛 OpenSSH

中文版：https://wiki.centos.org/zh-tw/HowTos/Network/SecuringSSH

英文版：https://wiki.centos.org/HowTos/Network/SecuringSSH

OpenSSH（或者 Secure Shell）以經成為一個取代 telnet 協議作遠端存取用的現有標準。SSH 已經令 telnet 等協議多餘的，當中絕大部份原因是由於連線被加密，以及不再以純文字公開地傳送密碼。

然而，預設的 ssh 安裝並非完美。當你營運一個 ssh 伺服器時，有數個簡單的步驟可以明顯地加固你的安裝。

1. 採用難猜測的密碼／用戶名稱

如果你所營運的 ssh 是對外的，你首先會發現的事情，很可能就是駭客嘗試猜/測用戶名稱／密碼的記錄。駭客一般會掃描連接埠 22（ssh 預設聆聽的連接埠）來找尋執行 ssh 的機器，然後嘗試強行攻擊它。借著使用難猜測的密碼，我們希望任何攻擊在成功前會被記錄底及被留意到。

盼望你已經採用了難猜測的密碼。要不然，請嘗試選擁有以下特徵的密碼：

• 最少有 8 個字元
• 同時有大寫和小寫字母
• 同時有字母和數目字
• 有非英數的字元（例如 ! ” £ $ % ^ 等特別字元）

使用難測密碼的好處並不止於 ssh，它更會影響到系統安全的各個範疇。有關密碼的更多資訊可以在 CentOS 的文檔內找到：

http://www.centos.org/docs/4/html/rhel-sg-en-4/s1-wstation-pass.html

如果你完全沒法阻止你的用戶選用易猜測的密碼，請考慮以隨機產生或難猜測的字串作為用戶名稱。如果壞人不能猜測用戶名稱，他們便不能強加猜測密碼。然而，這只是隱晦資訊來換取安全，所以要留心用戶名稱透過用戶發送的電郵等途徑而被洩漏。

2. 停用 root 登入

SSH 伺服器的設定都儲存在 /etc/ssh/sshd_confg 這個檔案。要停用 root 登入，請確定你有以下一行：

# 阻止 root 登入：
PermitRootLogin no

然後請重新啟動 sshd 服務：

service sshd restart

你果你需要 root 的權限，請登入為一般用戶，然後使用 su 這個指令。

3. 限制用戶登入

SSH 登入可以局限給某些需要遠端存取的用戶。如果你的系統有很多用戶，一個合理的做法就是局限遠端存取給那真正有需要的用戶，藉以減低其他用戶採用易測密碼的影響。在 /etc/ssh/sshd_config 內加入 AllowUsers 一行，以空格隔開用戶名稱。例如：

AllowUsers alice bob

接著請重新啟動 sshd 服務。

4. 停用第 1 類協議

SSH 可以採用兩款協議：第 1 類及第 2 類協議。較舊的第 1 類協議的安全性較低，因此它應該被停用，除非你知道你必須要使用它。請在 /etc/ssh/sshd_config 檔內找尋以下一行，解除註釋，並作出如下修改：

# Protocol 2,1
Protocol 2

然後請重新啟動 sshd 服務。

5. 採用非標準的連接埠

根據預設值，ssh 在連接埠 22 聆聽進入的連線。一個駭客如果要斷定 ssh 是否在你的機器上運行，他最大可能就是掃描連接埠 22。一個有效混淆他的方法就是在非標準的連接埠上運行 ssh。任何未被使用的連接埠都可行，但首選的是 1024 以上的。很多人選用 2222 作為替代的連接埠（它很易記），正如 8080 經常被用作 HTTP 的替代連接埠。正正由於這個原因令它不是個好的選擇，因為任何掃描連接埠 22 的駭客亦不會放過連接埠 2222。隨機地選用一個未被使用的高位連接埠會比較合宜。要進行改動，請在你的 /etc/ssh/sshd_config 檔內加入以下一行：

# 在非標準的連接埠上執行 ssh：
Port 2345  #修改我

然後重新啟動 sshd 服務。請勿忘記在你的路由器及相關的防火牆規則裡作出任何必要的改動。譬如在 CentOS 7 你需要更改 firewalld：

$ firewall-cmd --add-port 2345/tcp
$ firewall-cmd --add-port 2345/tcp --permanent

又或者在 CentOS 6：

$ iptables -I INPUT -p tcp --dport 2345 -j ACCEPT

在 CentOS 6 及以上版本，你亦需要更新 selinux，並正確地標籤所選用的連接埠，否則 sshd 便無法存取它。舉個例說：

$ semanage port -a -t ssh_port_t -p tcp 2345 #請更改這處

因為 ssh 不再在標準的連接埠上聆聽連線，你須要告訴客戶端要連線到哪個連接埠。在指令行上執行 ssh 客戶端時，你可以用 -p 選項來指定連接埠：

$ ssh -p 2345 myserver

又或者如果你使用 konqueror 的 fish 協議，你可用：

fish://myserver:2345/remote/dir

如果你覺得每次連線時都要指定連接埠似乎很痛苦，你只需在你個人的 ~/.ssh/config 檔案裡加入一個指定連接埠的記錄：

 # 客戶端 ~/.ssh/config
Host myserver
HostName 72.232.194.162
        User bob
        Port 2345

~/.ssh/config 必須有以下存取權：

$ chmod 600 ~/.ssh/config

6. 在防火牆過濾 SSH

linux 裡有很多防火牆可以用，像是 iptables , ufw 或 firewall-cmd. 直接使用：

sudo ufw allow 22

上面的指令可以直接開啟某一個 port number.

如果你只須由一個 IP 位址進行遠端存取（例如由辦工室進入家中的伺服器），請考慮在你的路由器或 iptables 內加入一條防火牆的規則，將連接埠 22 的存取權限制到特定的 IP 位址，藉此對連線進行過濾。舉個例說，在 iptables 內你可以用這類型的規則達至這個目的：

iptables -A INPUT -p tcp -s 72.232.194.162 --dport 22 -j ACCEPT

SSH 亦對 TCP 包裝函式有內置支援，因此 ssh 服務的存取權亦可同時用 host.allow 及 hosts.deny 來進行管制。

如果你無法限制來源地的 IP 位址，而必須公開 ssh 連接埠，那麼 iptables 依然可以透過記錄及攔截來自同一 IP 位址的重覆登入嘗試，幫助你阻止強行的攻擊。例如：

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

第一條規則利用 recent 模塊來記錄每個存取連接埠 22 的新嘗試。第二條規則檢查這個 IP 位址在過去 60 秒內有否嘗試 4 次或以上的連線，若然沒有更接納封包。注意這個規則須要輸入鏈採用 DROP 的預設政策。

如果你在非標準的連接埠上執行 ssh，請不要忘記對連接埠作出相應修改。情況許可的話，利用防火牆進行過濾是一個非常有效的方法來保衛 ssh 伺服器。

採用 FirewallD 服務的系統，可執行下列 firewall-cmd：

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset
firewall-cmd --reload

7. 採用公鑰／私鑰來驗證

採用加密金鑰來驗證提供兩大好處。首先，如果你應用公鑰／私鑰，是方便，因為你不用再輸入密碼（除非你用密碼來保護你的金鑰）。第二，當伺服器能進行金鑰對的驗證，你便可以完全停用密碼驗證，意即存取時靠賴授權的金鑰 —— 因此不再有猜測密碼的嘗試。

建立及在你的 ssh 伺服器上安裝金鑰對是個相對地簡單的過程。

首先，在你會用來連線到伺服器的客戶端上建立一對金鑰（你須要在每台用來連線的機器上這樣做）：

$ ssh-keygen -t rsa

這樣做會在你的（隱藏了的）~/.ssh 目錄內建立兩個檔案，名叫：id_rsa 及 id_rsa.pub。第一個檔案：id_rsa 是你的私鑰，而另一個：id_rsa.pub 是你的公鑰。

如果你不想每次連線時都被問及密碼（它是用來解開特定的公鑰），在建立金鑰對的時候，你只須按 enter 作為密碼。建立金鑰對時，是否以密碼加密純粹是你的決定。如何你不將金鑰加密，任何人奪得你的本地機器後，便自動擁有遠端伺服器的 ssh 存取權。此外，本地機器上的 root 能夠存取你的金鑰：但假若你不能信任 root（或者 root 已被攻佔），你已經大禍臨頭。將金鑰加密捨棄了不用密碼的 ssh 伺服器，來換取額外的安全，得來的就是輸入密碼來使用這條金鑰。你可利用 ssh_agent 這個程式進一步簡化這個程序。

現在為你的私鑰設定權限：

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa

請將公鑰（id_rsa.pub）複製到伺服器上，然後安裝它在 authorized_keys 清單內：

$ cat id_rsa.pub >> ~/.ssh/authorized_keys

註：一旦你匯入了公鑰，你可以在伺服器上刪除它。

最後，設定伺服器上的檔案權限：

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

如果 /etc/ssh/sshd_config 內的 StrictModes 被啟用（預設值），以上的權限是必須的。

請確保你已設置正確的 SELinux 脈絡：

$ restorecon -Rv ~/.ssh

現在當你登入伺服器的時候，你便不用再輸入密碼（除非你在建立金鑰對的時候輸入了一個密碼）。ssh 預設是會先利用金鑰進行驗證。如何它找不到金鑰，或驗證失敗，ssh 會回落到平常的密碼驗證。

一旦你檢查過可以用金鑰對來登入伺服器，你可以在你的 /etc/ssh/sshd_conf 檔內加入以下設定來停用密碼驗證：

# 停用密碼驗證，強制使用金鑰
PasswordAuthentication no

8. 常見問題（FAQ）

問：CentOS 採用 X 版的 OpenSSH，而最新版本是 Y 版。X 版藏有一個嚴重的安全性漏洞，我應否升級？

答：不應該。上游供應者有一個政策，會將最新版本的安全性修正反向移植到現有的發行版本內。只要你擁有最新的更新，你的 CentOS 發行版本已經得到全面修正。有關反向移植安全性修正的詳情，請參閱這裡：

http://www.redhat.com/advice/speaks_backport.html

問：我如何令 ssh 容讓以 NFS 共享用戶主目錄的機器採用無密碼的驗證？

答：SELinux 預設攔阻 root 存取以 NFS 共享、非公用的目錄及檔案，因此 ssh 無法讀取 ~/.ssh 內的用戶金鑰檔。若要批準存取權，請用以下指令更改 use_nfs_home_dirs 的設定值：

setsebool -P use_nfs_home_dirs 1

https://www.centos.org/forums/viewtopic.php?t=49194

9. 連結

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-openssh.html

http://www.dragonresearchgroup.org/insight/sshpwauth-tac.html

 /**
 * 對字符串md5加密
 *
 * @param str
 * @return
 */
 public String getMD5(String str) {
 String ret = null;
 try {
 // 生成一個MD5加密計算摘要
 MessageDigest md = MessageDigest.getInstance("MD5");
 // 計算md5函數
 md.update(str.getBytes());
 // digest()最後確定返回md5 hash值，返回值為8為字符串。因為md5 hash值是16位的hex值，實際上就是8位的字符
 // BigInteger函數則將8位的字符串轉換成16位hex值，用字符串來表示；得到字符串形式的hash值
 ret = new BigInteger(1, md.digest()).toString(16);
 } catch (Exception e) {
 //throw new SpeedException("MD5加密出現錯誤");
 e.printStackTrace();
 }
 return ret;
 }

java.math.BigInteger.toString(int radix)方法實例

java.math.BigInteger.toString(int radix) 返回此BigInteger在給定的基數的字符串表示形式。如果基數是從Character.MIN_RADIX到Character.MAX_RADIX包容的範圍內，它會默認為10(因為Integer.toString的情況下)。

聲明

以下是java.math.BigInteger.toString()方法的聲明

public String toString(int radix)

參數

radix – 該字符串表示形式的基數

返回值

此方法返回此BigInteger在給定的基數的字符串表示形式。

BigInteger(byte[] val)
BigInteger的大小为val的顺序拼接结果

byte[] val = new byte[]{0x11,0x22,0x33};
BigInteger bigInteger = new BigInteger(val);
System.out.println(bigInteger.toString(16)); //16进制输出 , 结果 : 112233

BigInteger(String val, int radix)
得到大小为val , 以 radix 为基数的 BigInteger

BigInteger bigInteger = new BigInteger("1F", 16);
System.out.println(bigInteger.toString(16));//输出结果 1f
System.out.println(bigInteger.toString(10));//输出结果 31

String s1 = "126656864e144ad88d7ff96badd2f68b"; // 16进制数
BigInteger b = new BigInteger(s1,16);           // 16进制转成大数类型    
String s2 = b.toString(16);                     // 大数类型转成16进制

上列的範例輸入結果：

s1: 126656864e144ad88d7ff96badd2f68b
s2: 126656864e144ad88d7ff96badd2f68b

如果前2碼修改為00，則：

s1: 006656864e144ad88d7ff96badd2f68b
s2: 6656864e144ad88d7ff96badd2f68b

所以，最上面的例子，前面要補滿0 才不會出錯。

一開始是在 mysql 上下載安裝檔，可是「官方」的版本似乎很大牌或是不太貼心，都沒有幫忙設定執行檔到path變數裡，所下mysql 相關指令無法執行，還是非官方的版本貼心一點。

非官方的安裝方法，先裝homebrew:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

接著，用 brew install Mysql Client：

brew install mysql --client-only --universal

醬子就可以只安裝到 client, 不下參數就可以連 server side 一起安裝。

Stop MySQL Server (on Linux):

/etc/init.d/mysql stop

Stop MySQL Server (on Mac OS X):

mysql.server stop

接著，要手動啟動一下 mysql:

mysqld_safe --skip-grant-tables &

mysql -u root

進入mysql 後，

use mysql;
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new-password');
FLUSH PRIVILEGES;
quit;

Stop MySQL Server:

mysql stop

Start MySQL server and test it:

mysql -u root -p

開新 DB  & 建新帳號：

Create database newdb;

CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'user-password-here';

GRANT ALL PRIVILEGES ON newdb.* TO dbuser@localhost;

FLUSH PRIVILEGES;

相關文章：

mysql Access denied for user ‘dbaccount’@’%’ to database
https://stackoverflow.max-everyday.com/2017/09/mysql-access-denied-for-user-dbaccount-to-database/

stackoverflow：
http://stackoverflow.com/questions/29013414/encrypt-and-decrypt-by-aes-algorithm-in-both-python-and-android

我的執行畫面：

上面 terminal 是 python 的執行結果，下面白色是Android Studio 執行結果，使用同一把的key，python 產生出來的base64 碼是：

hPbYdXXJ472jW2VsEOZLa5iBosENVulYO1xDPI23SsjvebY341uFOS5ZV

Android 產生的base64碼是：

oBOM8SX0a2YcLK2oltF1J/x+WqMP6sDj4Cbp0fPDlroepybDE1CuVsidjyIqNaeq

雖然2邊加密完成後的所產生的base64碼長的不一樣，但是把 Android 產生出來的base64碼放到python裡去解，可以解出一樣的資料出來。

再更進階一點點的做法是加入Spongy Castle或Bouncy Castle：
http://stackoverflow.com/questions/6898801/how-to-include-the-spongy-castle-jar-in-android

* Unfortunately, Android SDK doesn`t support PBKDF2WithHmacSHA256, so we use Spongy Castle, which is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android.
* For version 1.47 or higher of SpongyCastle, we can invoke PBKDF2WithHmacSHA256 directly,
* but for versions below 1.47, we could not specify SHA256 digest and it defaulted to SHA1.
* see
* 1. https://rtyley.github.io/spongycastle/
* 2. http://stackoverflow.com/a/15303291/3962551
* 3. https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography)

Bouncy Castle

充氣城堡軍團（Legion of the Bouncy Castle）是一個來自澳大利亞的慈善團體，他們編寫了Bouncy Castle這個廣泛使用的類庫。該庫既提供了一個輕量級的密碼學 API，也是一個 Java 密碼擴展（JCE）的提供者。安卓平台已經內置了一個精簡過的老版本 Bouncy Castle（同時為了適配安卓平台也做了一些細小的改動）。

Spongy Castle

Spongy Castle 背後的動機是允許安卓開發者在應用程式中使用任意版本的 BouncyCastle 類庫。SpongyCastle 就是對最新版本的 BouncyCastle 進行了簡單地重新打包。

Python code :

import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES

class AESCipher:
    def __init__(self, key):
        self.bs = 16
        self.key = hashlib.sha256(key.encode()).digest()

    def encrypt(self, message):
        message = self._pad(message)
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return base64.b64encode(iv + cipher.encrypt(message)).decode('utf-8')

    def decrypt(self, enc):
        enc = base64.b64decode(enc)
        iv = enc[:AES.block_size]
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return self._unpad(cipher.decrypt(enc[AES.block_size:])).decode('utf-8')

    def _pad(self, s):
        return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)

    @staticmethod
    def _unpad(s):
        return s[:-ord(s[len(s)-1:])]

Android Code:

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;

import android.annotation.SuppressLint;
import android.location.Criteria;
import android.util.Base64;
import android.util.Log;

@SuppressLint("NewApi")
public class Crypt {

private static final String tag = Crypt.class.getSimpleName();

private static final String characterEncoding = "UTF-8";
private static final String cipherTransformation = "AES/CBC/PKCS5Padding";
private static final String aesEncryptionAlgorithm = "AES";
private static final String key = "this is my key";
private static byte[] ivBytes = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
private static byte[] keyBytes;

private static Crypt instance = null;

Crypt()
{
    SecureRandom random = new SecureRandom();
    Crypt.ivBytes = new byte[16];
    random.nextBytes(Crypt.ivBytes); 
}

public static Crypt getInstance() {
    if(instance == null){
        instance = new Crypt();
    }
    return instance;
}

public String encrypt_string(final String plain) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException
{
    return Base64.encodeToString(encrypt(plain.getBytes()), Base64.DEFAULT);
}

public String decrypt_string(final String plain) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, ClassNotFoundException, IOException
{
    byte[] encryptedBytes = decrypt(Base64.decode(plain, 0));
    return Base64.encodeToString( encryptedBytes, Base64.DEFAULT);
}

public   byte[] encrypt(   byte[] mes)
        throws NoSuchAlgorithmException,
        NoSuchPaddingException,
        InvalidKeyException,
        InvalidAlgorithmParameterException,
        IllegalBlockSizeException,
        BadPaddingException, IOException {

    keyBytes = key.getBytes("UTF-8");
    Log.d(tag,"Long KEY: "+keyBytes.length);
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(keyBytes);
    keyBytes = md.digest();

    Log.d(tag,"Long KEY: "+keyBytes.length);

    AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes);
    SecretKeySpec newKey = new SecretKeySpec(keyBytes, aesEncryptionAlgorithm);
    Cipher cipher = null;
    cipher = Cipher.getInstance(cipherTransformation);

    SecureRandom random = new SecureRandom();   
    Crypt.ivBytes = new byte[16];               
    random.nextBytes(Crypt.ivBytes);            

    cipher.init(Cipher.ENCRYPT_MODE, newKey, random);
//    cipher.init(Cipher.ENCRYPT_MODE, newKey, ivSpec);
    byte[] destination = new byte[ivBytes.length + mes.length];
    System.arraycopy(ivBytes, 0, destination, 0, ivBytes.length);
    System.arraycopy(mes, 0, destination, ivBytes.length, mes.length);
    return  cipher.doFinal(destination);
}

public   byte[] decrypt(   byte[] bytes)
        throws NoSuchAlgorithmException,
        NoSuchPaddingException,
        InvalidKeyException,
        InvalidAlgorithmParameterException,
        IllegalBlockSizeException,
        BadPaddingException, IOException, ClassNotFoundException {
    keyBytes = key.getBytes("UTF-8");
    Log.d(tag,"Long KEY: "+keyBytes.length);
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(keyBytes);
    keyBytes = md.digest();
    Log.d(tag,"Long KEY: "+keyBytes.length);
    byte[] ivB = Arrays.copyOfRange(bytes,0,16);
    Log.d(tag, "IV: "+new String(ivB));
    byte[] codB = Arrays.copyOfRange(bytes,16,bytes.length);
    AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivB);
    SecretKeySpec newKey = new SecretKeySpec(keyBytes, aesEncryptionAlgorithm);
    Cipher cipher = Cipher.getInstance(cipherTransformation);
    cipher.init(Cipher.DECRYPT_MODE, newKey, ivSpec);
    byte[] res = cipher.doFinal(codB); 
    return  res;
}
}

看了這幾篇相關文章，終於知道要怎麼在Hashcat裡使用多層 hash、加鹽（Salt）；密碼有中文字的部份，似乎有binary 的mode 可以選擇；密碼超過55個字的這情情況下，使用者自己可能就記不起來。

Hashcat 官網：http://hashcat.net/hashcat/

相關文章：

The Dropbox hack is real
https://www.troyhunt.com/the-dropbox-hack-is-real/

你的密碼被偷了嗎？
http://blog.darkthread.net/post-2016-08-31-have-i-been-pawned.aspx

暴力密码破解器 ocl-Hashcat-plus 支持每秒猜测最多 80 亿个密码

https://www.zhihu.com/question/21558046

GPU破解神器Hashcat
https://jiji262.github.io/wooyun_articles/drops/GPU%E7%A0%B4%E8%A7%A3%E7%A5%9E%E5%99%A8Hashcat%E4%BD%BF%E7%94%A8%E7%AE%80%E4%BB%8B.html

實戰 hashcat 破解 md5
http://jazzlion.github.io/2016/06/16/%E5%AF%A6%E6%88%B0-hashcat-%E7%A0%B4%E8%A7%A3-md5/

產生md5 的字串：
http://www.md5.cz/

Hash破解神器：Hashcat的简单使用
http://xiao106347.blog.163.com/blog/static/215992078201451082547241/

OpenSSL 指令使用說明：
https://www.madboa.com/geek/openssl/

Install hashcat on Mac OSX
https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/

git clone https://github.com/hashcat/hashcat.git
mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/
make

使用心得，大多情況下是會得到 exhausted [ɪgˋzɔstɪd] ，找不到結果，md5 8碼，要找2~5小時，滿可觀的，6碼以內的大多6秒內可以找到答案。善用字典加pattern真的很重要！

md5, sha1, sha256, sha512 加 salt 範例：
https://hashcat.net/wiki/doku.php?id=example_hashes

多層 hash, 在 hashcat 裡是設定 round，ex：
$5$rounds=5000

使用 hashcat 的 attach mode=3 (-a 3) 測 md5 為 1~6碼的，大約6秒內完成，使用 HMAC-SHA256 模式，只使用1個 round, 需要 2 mins, 22 secs來測試。

Python hashlib 裡的說明：
https://docs.python.org/2/library/hashlib.html

14.1.1. Key derivation¶

Key derivation and key stretching algorithms are designed for secure password hashing. Naive algorithms such as sha1(password) are not resistant against brute-force attacks. A good password hashing function must be tunable, slow, and include a salt.

hashlib.pbkdf2_hmac(name, password, salt, rounds, dklen=None)

The function provides PKCS#5 password-based key derivation function 2. It uses HMAC as pseudorandom function.

The string name is the desired name of the hash digest algorithm for HMAC, e.g. ‘sha1’ or ‘sha256’. password and salt are interpreted as buffers of bytes. Applications and libraries should limit password to a sensible value (e.g. 1024). salt should be about 16 or more bytes from a proper source, e.g. os.urandom().

The number of rounds should be chosen based on the hash algorithm and computing power. As of 2013, at least 100,000 rounds of SHA-256 is suggested.

dklen is the length of the derived key. If dklen is None then the digest size of the hash algorithm name is used, e.g. 64 for SHA-512.

>>>

>>> import hashlib, binascii
>>> dk = hashlib.pbkdf2_hmac('sha256', b'password', b'salt', 100000)
>>> binascii.hexlify(dk)
b'0394a2ede332c9a13eb82e9b24631604c31df978b4e2f0fbd2c549944f9d79a5'

New in version 2.7.8.

Mac OSX 上的 hashcat 使用說明：

hashcat, advanced password recovery

Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...

- [ Options ] -

Options Short / Long | Type | Description | Example
===============================+======+======================================================+=======================
 -m, --hash-type | Num | Hash-type, see references below | -m 1000
 -a, --attack-mode | Num | Attack-mode, see references below | -a 3
 -V, --version | | Print version |
 -h, --help | | Print help |
 --quiet | | Suppress output |
 --hex-charset | | Assume charset is given in hex |
 --hex-salt | | Assume salt is given in hex |
 --hex-wordlist | | Assume words in wordlist is given in hex |
 --force | | Ignore warnings |
 --status | | Enable automatic update of the status-screen |
 --status-timer | Num | Sets seconds between status-screen update to X | --status-timer=1
 --machine-readable | | Display the status view in a machine readable format |
 --loopback | | Add new plains to induct directory |
 --weak-hash-threshold | Num | Threshold X when to stop checking for weak hashes | --weak=0
 --markov-hcstat | File | Specify hcstat file to use | --markov-hc=my.hcstat
 --markov-disable | | Disables markov-chains, emulates classic brute-force |
 --markov-classic | | Enables classic markov-chains, no per-position |
 -t, --markov-threshold | Num | Threshold X when to stop accepting new markov-chains | -t 50
 --runtime | Num | Abort session after X seconds of runtime | --runtime=10
 --session | Str | Define specific session name | --session=mysession
 --restore | | Restore session from --session |
 --restore-disable | | Do not write restore file |
 -o, --outfile | File | Define outfile for recovered hash | -o outfile.txt
 --outfile-format | Num | Define outfile-format X for recovered hash | --outfile-format=7
 --outfile-autohex-disable | | Disable the use of $HEX[] in output plains |
 --outfile-check-timer | Num | Sets seconds between outfile checks to X | --outfile-check=30
 -p, --separator | Char | Separator char for hashlists and outfile | -p :
 --stdout | | Do not crack a hash, instead print candidates only |
 --show | | Compare hashlist with potfile; Show cracked hashes |
 --left | | Compare hashlist with potfile; Show uncracked hashes |
 --username | | Enable ignoring of usernames in hashfile |
 --remove | | Enable remove of hash once it is cracked |
 --remove-timer | Num | Update input hash file each X seconds | --remove-timer=30
 --potfile-disable | | Do not write potfile |
 --potfile-path | Dir | Specific path to potfile | --potfile-path=my.pot
 --debug-mode | Num | Defines the debug mode (hybrid only by using rules) | --debug-mode=4
 --debug-file | File | Output file for debugging rules | --debug-file=good.log
 --induction-dir | Dir | Specify the induction directory to use for loopback | --induction=inducts
 --outfile-check-dir | Dir | Specify the outfile directory to monitor for plains | --outfile-check-dir=x
 --logfile-disable | | Disable the logfile |
 --truecrypt-keyfiles | File | Keyfiles used, separate with comma | --truecrypt-key=x.png
 --veracrypt-keyfiles | File | Keyfiles used, separate with comma | --veracrypt-key=x.txt
 --veracrypt-pim | Num | VeraCrypt personal iterations multiplier | --veracrypt-pim=1000
 -b, --benchmark | | Run benchmark |
 -c, --segment-size | Num | Sets size in MB to cache from the wordfile to X | -c 32
 --bitmap-min | Num | Sets minimum bits allowed for bitmaps to X | --bitmap-min=24
 --bitmap-max | Num | Sets maximum bits allowed for bitmaps to X | --bitmap-min=24
 --cpu-affinity | Str | Locks to CPU devices, separate with comma | --cpu-affinity=1,2,3
 --opencl-platforms | Str | OpenCL platforms to use, separate with comma | --opencl-platforms=2
 -d, --opencl-devices | Str | OpenCL devices to use, separate with comma | -d 1
 -D, --opencl-device-types | Str | OpenCL device-types to use, separate with comma | -D 1
 --opencl-vector-width | Num | Manual override OpenCL vector-width to X | --opencl-vector=4
 -w, --workload-profile | Num | Enable a specific workload profile, see pool below | -w 3
 -n, --kernel-accel | Num | Manual workload tuning, set outerloop step size to X | -n 64
 -u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256
 --nvidia-spin-damp | Num | Workaround NVidias CPU burning loop bug, in percent | --nvidia-spin-damp=50
 --gpu-temp-disable | | Disable temperature and fanspeed reads and triggers |
 --scrypt-tmto | Num | Manually override TMTO value for scrypt to X | --scrypt-tmto=3
 -s, --skip | Num | Skip X words from the start | -s 1000000
 -l, --limit | Num | Limit X words from the start + skipped words | -l 1000000
 --keyspace | | Show keyspace base:mod values and quit |
 -j, --rule-left | Rule | Single rule applied to each word from left wordlist | -j 'c'
 -k, --rule-right | Rule | Single rule applied to each word from right wordlist | -k '^-'
 -r, --rules-file | File | Multiple rules applied to each word from wordlists | -r rules/best64.rule
 -g, --generate-rules | Num | Generate X random rules | -g 10000
 --generate-rules-func-min | Num | Force min X funcs per rule |
 --generate-rules-func-max | Num | Force max X funcs per rule |
 --generate-rules-seed | Num | Force RNG seed set to X |
 -1, --custom-charset1 | CS | User-defined charset ?1 | -1 ?l?d?u
 -2, --custom-charset2 | CS | User-defined charset ?2 | -2 ?l?d?s
 -3, --custom-charset3 | CS | User-defined charset ?3 |
 -4, --custom-charset4 | CS | User-defined charset ?4 |
 -i, --increment | | Enable mask increment mode |
 --increment-min | Num | Start mask incrementing at X | --increment-min=4
 --increment-max | Num | Stop mask incrementing at X | --increment-max=8

- [ Hash modes ] -

# | Name | Category
 ======+==================================================+======================================
 900 | MD4 | Raw Hash
 0 | MD5 | Raw Hash
 5100 | Half MD5 | Raw Hash
 100 | SHA1 | Raw Hash
 10800 | SHA-384 | Raw Hash
 1400 | SHA-256 | Raw Hash
 1700 | SHA-512 | Raw Hash
 5000 | SHA-3(Keccak) | Raw Hash
 10100 | SipHash | Raw Hash
 6000 | RipeMD160 | Raw Hash
 6100 | Whirlpool | Raw Hash
 6900 | GOST R 34.11-94 | Raw Hash
 11700 | GOST R 34.11-2012 (Streebog) 256-bit | Raw Hash
 11800 | GOST R 34.11-2012 (Streebog) 512-bit | Raw Hash
 10 | md5($pass.$salt) | Raw Hash, Salted and / or Iterated
 20 | md5($salt.$pass) | Raw Hash, Salted and / or Iterated
 30 | md5(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
 40 | md5($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
 3800 | md5($salt.$pass.$salt) | Raw Hash, Salted and / or Iterated
 3710 | md5($salt.md5($pass)) | Raw Hash, Salted and / or Iterated
 2600 | md5(md5($pass)) | Raw Hash, Salted and / or Iterated
 4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and / or Iterated
 4400 | md5(sha1($pass)) | Raw Hash, Salted and / or Iterated
 110 | sha1($pass.$salt) | Raw Hash, Salted and / or Iterated
 120 | sha1($salt.$pass) | Raw Hash, Salted and / or Iterated
 130 | sha1(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
 140 | sha1($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
 4500 | sha1(sha1($pass)) | Raw Hash, Salted and / or Iterated
 4700 | sha1(md5($pass)) | Raw Hash, Salted and / or Iterated
 4900 | sha1($salt.$pass.$salt) | Raw Hash, Salted and / or Iterated
 1410 | sha256($pass.$salt) | Raw Hash, Salted and / or Iterated
 1420 | sha256($salt.$pass) | Raw Hash, Salted and / or Iterated
 1430 | sha256(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
 1440 | sha256($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
 1710 | sha512($pass.$salt) | Raw Hash, Salted and / or Iterated
 1720 | sha512($salt.$pass) | Raw Hash, Salted and / or Iterated
 1730 | sha512(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated
 1740 | sha512($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated
 50 | HMAC-MD5 (key = $pass) | Raw Hash, Authenticated
 60 | HMAC-MD5 (key = $salt) | Raw Hash, Authenticated
 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated
 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated
 1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated
 1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated
 1750 | HMAC-SHA512 (key = $pass) | Raw Hash, Authenticated
 1760 | HMAC-SHA512 (key = $salt) | Raw Hash, Authenticated
 14000 | DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
 14100 | 3DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
 400 | phpass | Generic KDF
 8900 | scrypt | Generic KDF
 11900 | PBKDF2-HMAC-MD5 | Generic KDF
 12000 | PBKDF2-HMAC-SHA1 | Generic KDF
 10900 | PBKDF2-HMAC-SHA256 | Generic KDF
 12100 | PBKDF2-HMAC-SHA512 | Generic KDF
 23 | Skype | Network protocols
 2500 | WPA/WPA2 | Network protocols
 4800 | iSCSI CHAP authentication, MD5(Chap) | Network protocols
 5300 | IKE-PSK MD5 | Network protocols
 5400 | IKE-PSK SHA1 | Network protocols
 5500 | NetNTLMv1 | Network protocols
 5500 | NetNTLMv1 + ESS | Network protocols
 5600 | NetNTLMv2 | Network protocols
 7300 | IPMI2 RAKP HMAC-SHA1 | Network protocols
 7500 | Kerberos 5 AS-REQ Pre-Auth etype 23 | Network protocols
 8300 | DNSSEC (NSEC3) | Network protocols
 10200 | Cram MD5 | Network protocols
 11100 | PostgreSQL CRAM (MD5) | Network protocols
 11200 | MySQL CRAM (SHA1) | Network protocols
 11400 | SIP digest authentication (MD5) | Network protocols
 13100 | Kerberos 5 TGS-REP etype 23 | Network protocols
 121 | SMF (Simple Machines Forum) | Forums, CMS, E-Commerce, Frameworks
 400 | phpBB3 | Forums, CMS, E-Commerce, Frameworks
 2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce, Frameworks
 2711 | vBulletin > v3.8.5 | Forums, CMS, E-Commerce, Frameworks
 2811 | MyBB | Forums, CMS, E-Commerce, Frameworks
 2811 | IPB (Invison Power Board) | Forums, CMS, E-Commerce, Frameworks
 8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce, Frameworks
 11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce, Frameworks
 400 | Joomla > 2.5.18 | Forums, CMS, E-Commerce, Frameworks
 400 | WordPress | Forums, CMS, E-Commerce, Frameworks
 2612 | PHPS | Forums, CMS, E-Commerce, Frameworks
 7900 | Drupal7 | Forums, CMS, E-Commerce, Frameworks
 21 | osCommerce | Forums, CMS, E-Commerce, Frameworks
 21 | xt:Commerce | Forums, CMS, E-Commerce, Frameworks
 11000 | PrestaShop | Forums, CMS, E-Commerce, Frameworks
 124 | Django (SHA-1) | Forums, CMS, E-Commerce, Frameworks
 10000 | Django (PBKDF2-SHA256) | Forums, CMS, E-Commerce, Frameworks
 3711 | Mediawiki B type | Forums, CMS, E-Commerce, Frameworks
 7600 | Redmine | Forums, CMS, E-Commerce, Frameworks
 13900 | OpenCart | Forums, CMS, E-Commerce, Frameworks
 12 | PostgreSQL | Database Server
 131 | MSSQL(2000) | Database Server
 132 | MSSQL(2005) | Database Server
 1731 | MSSQL(2012) | Database Server
 1731 | MSSQL(2014) | Database Server
 200 | MySQL323 | Database Server
 300 | MySQL4.1/MySQL5 | Database Server
 3100 | Oracle H: Type (Oracle 7+) | Database Server
 112 | Oracle S: Type (Oracle 11+) | Database Server
 12300 | Oracle T: Type (Oracle 12+) | Database Server
 8000 | Sybase ASE | Database Server
 141 | EPiServer 6.x < v4 | HTTP, SMTP, LDAP Server
 1441 | EPiServer 6.x > v4 | HTTP, SMTP, LDAP Server
 1600 | Apache $apr1$ | HTTP, SMTP, LDAP Server
 12600 | ColdFusion 10+ | HTTP, SMTP, LDAP Server
 1421 | hMailServer | HTTP, SMTP, LDAP Server
 101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | HTTP, SMTP, LDAP Server
 111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | HTTP, SMTP, LDAP Server
 1711 | SSHA-512(Base64), LDAP {SSHA512} | HTTP, SMTP, LDAP Server
 11500 | CRC32 | Checksums
 3000 | LM | Operating-Systems
 1000 | NTLM | Operating-Systems
 1100 | Domain Cached Credentials (DCC), MS Cache | Operating-Systems
 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating-Systems
 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating-Systems
 1500 | descrypt, DES(Unix), Traditional DES | Operating-Systems
 12400 | BSDiCrypt, Extended DES | Operating-Systems
 500 | md5crypt $1$, MD5(Unix) | Operating-Systems
 3200 | bcrypt $2*$, Blowfish(Unix) | Operating-Systems
 7400 | sha256crypt $5$, SHA256(Unix) | Operating-Systems
 1800 | sha512crypt $6$, SHA512(Unix) | Operating-Systems
 122 | OSX v10.4, OSX v10.5, OSX v10.6 | Operating-Systems
 1722 | OSX v10.7 | Operating-Systems
 7100 | OSX v10.8, OSX v10.9, OSX v10.10 | Operating-Systems
 6300 | AIX {smd5} | Operating-Systems
 6700 | AIX {ssha1} | Operating-Systems
 6400 | AIX {ssha256} | Operating-Systems
 6500 | AIX {ssha512} | Operating-Systems
 2400 | Cisco-PIX | Operating-Systems
 2410 | Cisco-ASA | Operating-Systems
 500 | Cisco-IOS $1$ | Operating-Systems
 5700 | Cisco-IOS $4$ | Operating-Systems
 9200 | Cisco-IOS $8$ | Operating-Systems
 9300 | Cisco-IOS $9$ | Operating-Systems
 22 | Juniper Netscreen/SSG (ScreenOS) | Operating-Systems
 501 | Juniper IVE | Operating-Systems
 5800 | Android PIN | Operating-Systems
 13800 | Windows 8+ phone PIN/Password | Operating-Systems
 8100 | Citrix Netscaler | Operating-Systems
 8500 | RACF | Operating-Systems
 7200 | GRUB 2 | Operating-Systems
 9900 | Radmin2 | Operating-Systems
 125 | ArubaOS | Operating-Systems
 7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS)
 7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS)
 10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS)
 8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS)
 8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS)
 9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)
 133 | PeopleSoft | Enterprise Application Software (EAS)
 13500 | PeopleSoft Token | Enterprise Application Software (EAS)
 11600 | 7-Zip | Archives
 12500 | RAR3-hp | Archives
 13000 | RAR5 | Archives
 13200 | AxCrypt | Archives
 13300 | AxCrypt in memory SHA1 | Archives
 13600 | WinZip | Archives
 62XY | TrueCrypt | Full-Disk encryptions (FDE)
 X | 1 = PBKDF2-HMAC-RipeMD160 | Full-Disk encryptions (FDE)
 X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk encryptions (FDE)
 X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk encryptions (FDE)
 X | 4 = PBKDF2-HMAC-RipeMD160 + boot-mode | Full-Disk encryptions (FDE)
 Y | 1 = XTS 512 bit pure AES | Full-Disk encryptions (FDE)
 Y | 1 = XTS 512 bit pure Serpent | Full-Disk encryptions (FDE)
 Y | 1 = XTS 512 bit pure Twofish | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit pure AES | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit pure Serpent | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit pure Twofish | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)
 Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)
 8800 | Android FDE < v4.3 | Full-Disk encryptions (FDE)
 12900 | Android FDE (Samsung DEK) | Full-Disk encryptions (FDE)
 12200 | eCryptfs | Full-Disk encryptions (FDE)
 137XY | VeraCrypt | Full-Disk encryptions (FDE)
 X | 1 = PBKDF2-HMAC-RipeMD160 | Full-Disk encryptions (FDE)
 X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk encryptions (FDE)
 X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk encryptions (FDE)
 X | 4 = PBKDF2-HMAC-RipeMD160 + boot-mode | Full-Disk encryptions (FDE)
 X | 5 = PBKDF2-HMAC-SHA256 | Full-Disk encryptions (FDE)
 X | 6 = PBKDF2-HMAC-SHA256 + boot-mode | Full-Disk encryptions (FDE)
 Y | 1 = XTS 512 bit pure AES | Full-Disk encryptions (FDE)
 Y | 1 = XTS 512 bit pure Serpent | Full-Disk encryptions (FDE)
 Y | 1 = XTS 512 bit pure Twofish | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit pure AES | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit pure Serpent | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit pure Twofish | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)
 Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)
 Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)
 9700 | MS Office <= 2003 $0|$1, MD5 + RC4 | Documents
 9710 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #1 | Documents
 9720 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #2 | Documents
 9800 | MS Office <= 2003 $3|$4, SHA1 + RC4 | Documents
 9810 | MS Office <= 2003 $3|$4, SHA1 + RC4, collider #1 | Documents
 9820 | MS Office <= 2003 $3|$4, SHA1 + RC4, collider #2 | Documents
 9400 | MS Office 2007 | Documents
 9500 | MS Office 2010 | Documents
 9600 | MS Office 2013 | Documents
 10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents
 10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents
 10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents
 10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents
 10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents
 10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents
 9000 | Password Safe v2 | Password Managers
 5200 | Password Safe v3 | Password Managers
 6800 | Lastpass + Lastpass sniffed | Password Managers
 6600 | 1Password, agilekeychain | Password Managers
 8200 | 1Password, cloudkeychain | Password Managers
 11300 | Bitcoin/Litecoin wallet.dat | Password Managers
 12700 | Blockchain, My Wallet | Password Managers
 13400 | Keepass 1 (AES/Twofish) and Keepass 2 (AES) | Password Managers

- [ Outfile Formats ] -

# | Format
 ===+========
 1 | hash[:salt]
 2 | plain
 3 | hash[:salt]:plain
 4 | hex_plain
 5 | hash[:salt]:hex_plain
 6 | plain:hex_plain
 7 | hash[:salt]:plain:hex_plain
 8 | crackpos
 9 | hash[:salt]:crack_pos
 10 | plain:crack_pos
 11 | hash[:salt]:plain:crack_pos
 12 | hex_plain:crack_pos
 13 | hash[:salt]:hex_plain:crack_pos
 14 | plain:hex_plain:crack_pos
 15 | hash[:salt]:plain:hex_plain:crack_pos

- [ Rule Debugging Modes ] -

# | Format
 ===+========
 1 | Finding-Rule
 2 | Original-Word
 3 | Original-Word:Finding-Rule
 4 | Original-Word:Finding-Rule:Processed-Word

- [ Attack Modes ] -

# | Mode
 ===+======
 0 | Straight
 1 | Combination
 3 | Brute-force
 6 | Hybrid Wordlist + Mask
 7 | Hybrid Mask + Wordlist

- [ Built-in Charsets ] -

? | Charset
 ===+=========
 l | abcdefghijklmnopqrstuvwxyz
 u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
 d | 0123456789
 s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
 a | ?l?u?d?s
 b | 0x00 - 0xff

- [ OpenCL Device Types ] -

# | Device Type
 ===+=============
 1 | CPU
 2 | GPU
 3 | FPGA, DSP, Co-Processor

- [ Workload Profiles ] -

# | Performance | Runtime | Power Consumption | Desktop Impact
 ===+=============+=========+===================+=================
 1 | Low | 2 ms | Low | Minimal
 2 | Default | 12 ms | Economic | Noticeable
 3 | High | 96 ms | High | Unresponsive
 4 | Nightmare | 480 ms | Insane | Headless

- [ Basic Examples ] -

Attack- | Hash- |
 Mode | Type | Example command
 ==================+=======+==================================================================
 Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
 Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
 Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
 Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict

If you still have no idea what just happened try following pages:

* https://hashcat.net/wiki/#howtos_videos_papers_articles_etc_in_the_wild
* https://hashcat.net/wiki/#frequently_asked_questions