How to identify and crack a macOS 10.4–10.6 (salted SHA-1) hash

macOS 10.4–10.6 (salted SHA-1) is a unix crypt hash type. It uses a deliberately slow, salted key-derivation scheme, so only weak or short passwords are realistically recoverable. This page shows how to recognise it and the exact commands to attack it.

All identification runs locally in WebAssembly. The commands below write the hash to a local file on your machine — nothing is sent to this site.

Identifying the hash

The hash identifier on the home page detects macOS 10.4–10.6 (salted SHA-1) entirely in your browser — your hash is never uploaded. A typical example looks like this:

1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683

Cracking macOS 10.4–10.6 (salted SHA-1) with hashcat

Save the hash to a file and run hashcat in mode -m 122. Expect this to be slow — use a focused wordlist. Start with a wordlist such as rockyou.txt:

echo '1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683' > hash.txt && hashcat -m 122 hash.txt /usr/share/wordlists/rockyou.txt

Add a rule set to mutate dictionary words (capitalisation, leetspeak, appended digits) and dramatically widen coverage:

echo '1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683' > hash.txt && hashcat -m 122 hash.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Cracking macOS 10.4–10.6 (salted SHA-1) with John the Ripper

John the Ripper can attack the same hash with the xsha format:

echo '1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683' > hash.txt && john --format=xsha --wordlist=/usr/share/wordlists/rockyou.txt hash.txt