Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Mar 2013 11:23:49 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cisco - Password type 4 - SHA256

On 03/15/2013 07:21 PM, Dhiru Kholia wrote:
> On Fri, Mar 15, 2013 at 5:13 AM, Sc00bz64@...oo.com <sc00bz64@...oo.com> wrote:
>> Anyone have hash examples (password:hash) of this so people can have fun with it.
> 
> Sample hashes attached. Let me know if you require more samples.
> 
> No salting is done. Some custom obfuscation?

With limited hardware resources (compared to those of an attacker), you
can't increase the cost of computing a single hash in a way that makes
the hashes hard to attack on more powerful hardware.
So, using a random salt and a reasonable salt size is probably the best
you can do. Not using a salt definitely is a bad idea here.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ