Full Disclosure mailing list archives
Re: password hash
From: <full-disclosure () hushmail com>
Date: Fri, 05 Oct 2007 13:39:33 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wow Vladis shut the fuck up On Fri, 05 Oct 2007 10:35:36 -0400 Valdis.Kletnieks () vt edu wrote:
On Thu, 04 Oct 2007 22:22:14 EDT, Brian Toovey said:Does anyone know what kind of password hash this is? 'password1' = &c6;Ub&c3;&ab;&19;a&cf;&86;Hex format would be less likely to be mis-parsed. I'm *guessing* you mean the hash is x'c65562c3 ab1961cf 86' - which is slightly odd, being 72 bits long. A salted 64-bit hash, perhaps? Or it might be some home-grown hash that somebody invented. If you know what 'password1' hashes to, it's time to do some differential cryptography and try hashing 'password2', 'password11', 'passwor111', and so on, to determine how many input characters the hash considers. The next thing to try is hashing 'qassword1' (which has one bit different from 'password1') and seeing how many of the output bits change, which will tell you the relative strength of the hash. A good hash will have about half the bits change on a one-bit difference (and continuing through q, r, s, t and so on won't reveal any pattern of *which* bits change), while a bad hash will fail to cause a bit cascade and only a few bits will be different in the output.
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcGdtUACgkQ+dWaEhErNvQLwQP+Ko1yikEE4RLH8sLeEb5e/NeMyVOC LbhDm1FOs3U0mIEhA0Wuuh/7OP39xI9ot4L7kTZVBLL3b9pF7hrG4Wl2btsZPhBScGFc LuUwNkW1UM6sEiZOTiysjRw3fcxMghr3uxVxD/fi3e14mJeb8y0Gcd/i7B/I81AVWORO RlXr0ZY= =E3Mo -----END PGP SIGNATURE----- -- Do you need to diversify your portfolio? Click here for informaton on trading currency. http://tagline.hushmail.com/fc/Ioyw6h4eApyx5Oq5Gf7tziyDDQmkClkksyK1XaXAXEQZzL2L1TjxLy/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- password hash Brian Toovey (Oct 04)
- Re: password hash gjgowey (Oct 04)
- Re: password hash Valdis . Kletnieks (Oct 05)
- Re: password hash Mark Senior (Oct 05)
- <Possible follow-ups>
- Re: password hash full-disclosure (Oct 05)
- Re: password hash Nikolay Kichukov (Oct 06)