Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Mon, 29 May 2006 16:58:06 -0400
From: "John Paine" <>
Subject: How does it actually dictionary attack salted hashes?

If Unix password hashes normally contain a 12-bit salt, how can JTR, or any
other cracking program that accepts /etc/shadow lines, be effective at
allowing a user to supply a dictionary list? Let's say for example the salt
was 'foobar' and the password was 'password'. How do these cracking programs
allow a dictionary list to be run on a hash such as foobarpasswordfoobar? I
can see how brute forcing would work, as well as taking more work overall to
do, but I don't understand how John the Ripper can also crack it by
dictionary. I ask because I don't know.

