Date: Sat, 16 Mar 2013 11:23:49 +0100 From: Frank Dittrich <frank_dittrich@...mail.com> To: john-dev@...ts.openwall.com Subject: Re: Cisco - Password type 4 - SHA256 On 03/15/2013 07:21 PM, Dhiru Kholia wrote: > On Fri, Mar 15, 2013 at 5:13 AM, Sc00bz64@...oo.com <sc00bz64@...oo.com> wrote: >> Anyone have hash examples (password:hash) of this so people can have fun with it. > > Sample hashes attached. Let me know if you require more samples. > > No salting is done. Some custom obfuscation? With limited hardware resources (compared to those of an attacker), you can't increase the cost of computing a single hash in a way that makes the hashes hard to attack on more powerful hardware. So, using a random salt and a reasonable salt size is probably the best you can do. Not using a salt definitely is a bad idea here. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.