Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Jun 2012 10:13:40 +0400
From: Solar Designer <>
To: Dmitriy Serebryannikov <>
Cc: Aleksey Cherepanov <>,
	hashrunner <>,
Subject: Re: where are the salts?

On Tue, Jun 05, 2012 at 10:06:50AM +0400, Solar Designer wrote:
> While empty username for DCC2 hashes is weird and unlikely to be seen in
> the wild (but I don't rule out the possibility), there's no such thing
> as empty salt for phpass hashes that phpBB3 and WordPress use.  Those
> 27-char strings, if put into a user database of phpBB3 or WordPress,
> would probably not allow one to log in with any password at all - so
> wouldn't it be correct to say that no password matches them? ;-)

I meant 26-char.  The full/correct phpass hash encodings are 34-char.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.