Date: Mon, 29 May 2006 16:58:06 -0400 From: "John Paine" <guipenguin@...il.com> To: john-users@...ts.openwall.com Subject: How does it actually dictionary attack salted hashes? If Unix password hashes normally contain a 12 bit salt, how can JTR, or any other cracking program who excepts /etc/shadow lines, be effective at allowing a user to supply a dictionary list? Lets say for example the salt was 'foobar' and the password was 'password'. How do these cracking program allow a dictionary list to be run on a hash such as foobarpasswordfoobar? I can see how brute forcing would work, as well as taking more work overall to do, but I don't understand how John the Ripper can also crack it by dictionary. I ask because I don't know. Thanks.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ