Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Mar 2013 11:23:49 +0100
From: Frank Dittrich <>
Subject: Re: Cisco - Password type 4 - SHA256

On 03/15/2013 07:21 PM, Dhiru Kholia wrote:
> On Fri, Mar 15, 2013 at 5:13 AM, <> wrote:
>> Anyone have hash examples (password:hash) of this so people can have fun with it.
> Sample hashes attached. Let me know if you require more samples.
> No salting is done. Some custom obfuscation?

With limited hardware resources (compared to those of an attacker), you
can't increase the cost of computing a single hash in a way that makes
the hashes hard to attack on more powerful hardware.
So, using a random salt and a reasonable salt size is probably the best
you can do. Not using a salt definitely is a bad idea here.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.