Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 30 Nov 2019 12:51:31 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: How does john detect salt

On Fri, Nov 29, 2019 at 09:17:48PM +0000, David Taylor wrote:
> Given a password input such as 
> 
> $argon2i$m=700000,t=1,p=8$ncckjx4uQTSp37MMsQWtH+SDj+q/kl/RgVsbpuR/dHP6KsWym8oHbCr7Vt161Cd8
> 
> how could john detect which of the bytes are salt and which are password?

For this specific input, it can't.  That input is invalid.

> If a standard pattern of identifying the bytes which are part of the salt is not possible, 

The patterns vary by hash type, and are implemented in the corresponding
JtR formats.

> would any wordlist/dictionary/mask attack still be usable?

Of course, but I don't see how that question is related to what you
asked about salts.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.