Date: Thu, 19 Jan 2006 03:55:46 -0800
From: Arias Hung <arias@...-g.net>
To: john-users@...ts.openwall.com
Subject: Re: Re: salt manipulation

On Wed, 18 Jan 2006, Radim Horak delivered in simple text monotype:

>The salt string "BA" is not encrypted independently, it is not encrypted at all.
>It is just used to change the password (those 8 characters) before encryption.
---snip--->

Ahh. Okay. D0h ... if it's not encrypted then that kind of makes it lose
its luster. :/

>
>I can generate hash with BA salt from ANY password and that's why it does NOT
>get me one step closer to the second uncracked password - it could be anything.
>(ie. BAJ1ztYH0JZkM: anything, BAEtYMKB40o5E: 4NYtH|N6 :)
>
>IF salts were helpful in cracking passwords, anybody could generate any password
>with all 4096 salts (hashes) - and he would then SOMEHOW crack all other
>passwords more easily??? This is complete NONSENSE!
<---snap

Ah yes, seeing the salts as what they are now, this is only too true.

>And, btw. I think the proper hash of "RnrfFdnc" with "BA" salt is
>"BA8wXEAXrXU9Y" :)

Actually, I think it's BAPhQBwB0JjUM. If only I could determine the key for
the hash BA8wXEAXrXU9Y. :)

Thank you for your prompt reply. Back to the drawing board.