Full Disclosure mailing list archives

Re: Best way to crack NT passwds


From: Karsten Gessner <admin () karsten pcn de>
Date: Mon, 01 Aug 2005 00:23:51 +0200

Only OLD system passwords are working with rainbow tables. On newer
"Salt is used to randomize the stored password hash. With different salt
value, same password yields different hash value. The time-memory
trade-off technique used by RainbowCrack is not practical when applied
to this kind of hash."


Re:Things I've always wanted to know about salting (Score:5, Informative)
by jcochran (309950) on Sunday July 04, @01:09AM (#9604125)

The "salt" is used to change how the password is hashed. If you look at
the shadow password file on your computer, you'll see some lines that
look like this:

root:$1$abcdefge$abcd1234efg789hijklmno:0:0:... 

You'll notice that the password field (the stuff after the 1st colon,
and before the 2nd colon) is itself divided into 3 fields separated by
dollar signs. The purposes of these fields are:

1st field - Identifies hashing method. This allows for future changes to
how the password is stored while allowing backward compatibility with
existing passwords.

2nd field - This contains the salt used to hash the password. In order
to verify a new password, this exact salt must be used in the hashing
process. Since in this case, it's 8 characters long and each character
can be one of 64 values, it means that each possible password may be
hashed into one of 2^48 different values. This salt is generated
randomly at the time that you set your password. The randomly generated
salt is then stored here for use in verifying future authentication
attempts.

3rd field - This is the actual hashed password using the salt specified
in the previous field. It is 22 characters long, which with base 64
encoding can store 132 bits. Since MD5 only hashes to 128 bits, there
are 4 unused bits at the tail end of this value. 

-----
After reading and understanding rainbow tables I became a little bit
nervous till I read about the salt in it ;-)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
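
Added example (not part of the original message or of any tool it mentions): a small Python check that splits the shadow line quoted above into its three fields, reproduces the 2^48 / 132-bit / 4-unused-bit arithmetic, and shows why a table precomputed without salt misses salted entries. The helper names, the word list and toy_salted_hash (plain MD5 over salt+password, a stand-in and not the real $1$ algorithm) are assumptions made for illustration.

```python
import hashlib

# crypt(3)-style base64 alphabet: 64 symbols, so 6 bits per character.
CRYPT64 = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
DIGEST_BITS = {"1": 128}  # "$1$" is MD5-based, as in the quoted post

def parse_password_field(line):
    """Return the three $-separated fields of a shadow-style line, with sizes."""
    user, field = line.split(":")[:2]
    parts = field.split("$")
    if len(parts) != 4 or parts[0] != "":
        # No "$id$salt$hash" structure: nothing here carries a salt field.
        return {"user": user, "salted": False}
    scheme, salt, digest = parts[1:]
    if not set(salt + digest) <= CRYPT64:
        raise ValueError("character outside the 64-symbol alphabet")
    capacity = 6 * len(digest)
    bits = DIGEST_BITS.get(scheme)
    return {
        "user": user, "salted": True, "scheme": scheme, "salt": salt,
        "salt_space_bits": 6 * len(salt),      # 8 chars -> 2^48 salts
        "digest_capacity_bits": capacity,      # 22 chars -> 132 bits
        "unused_bits": capacity - bits if bits else None,
    }

def toy_salted_hash(password, salt=""):
    """Stand-in salted hash: MD5 over salt+password (NOT real md5-crypt)."""
    return hashlib.md5((salt + password).encode()).hexdigest()

def table_hits(stored_hashes, wordlist):
    """Count stored hashes found in a table precomputed without any salt."""
    table = {toy_salted_hash(w) for w in wordlist}
    return sum(h in table for h in stored_hashes)

# Constructed sample data: the line quoted in the post and a made-up word list.
SAMPLE_LINE = "root:$1$abcdefge$abcd1234efg789hijklmno:0:0:..."
WORDS = ["letmein", "password", "winter2005"]

if __name__ == "__main__":
    print(parse_password_field(SAMPLE_LINE))
    unsalted = [toy_salted_hash("password")]
    salted = [toy_salted_hash("password", s) for s in ("abcdefge", "hgfedcba")]
    print("unsalted entries found in table:", table_hits(unsalted, WORDS))
    print("salted entries found in table:", table_hits(salted, WORDS))
```

Run over a real shadow file, a result with "salted": False marks an entry whose password field has no $id$salt$hash structure, such as a locked account or an older hash format.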

