Full Disclosure mailing list archives

Re: password hash


From: Nikolay Kichukov <hijacker () oldum net>
Date: Sat, 06 Oct 2007 15:25:33 +0300

Nice explanation Valdis, thanks!

Cheers,
-Nikolay

full-disclosure () hushmail com wrote:

Wow Valdis shut the fuck up

On Fri, 05 Oct 2007 10:35:36 -0400 Valdis.Kletnieks () vt edu wrote:
  
On Thu, 04 Oct 2007 22:22:14 EDT, Brian Toovey said:
    
Does anyone know what kind of password hash this is?
'password1' =
&c6;Ub&c3;&ab;&19;a&cf;&86;
      
Hex format would be less likely to be mis-parsed.  I'm *guessing* you
mean the hash is x'c65562c3 ab1961cf 86' - which is slightly odd, being
72 bits long.  A salted 64-bit hash, perhaps?  Or it might be some
home-grown hash that somebody invented.

If you know what 'password1' hashes to, it's time to do some
differential cryptography and try hashing 'password2', 'password11',
'passwor111', and so on, to determine how many input characters the
hash considers.  The next thing to try is hashing 'qassword1' (which
has one bit different from 'password1') and seeing how many of the
output bits change, which will tell you the relative strength of the
hash.  A good hash will have about half the bits change on a one-bit
difference (and continuing through q, r, s, t and so on won't reveal
any pattern of *which* bits change), while a bad hash will fail to
cause a bit cascade and only a few bits will be different in the
output.
    

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
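
Added example, not part of the original thread: the two checks Valdis describes (how many input characters a hash considers, and how many output bits change on a one-bit input difference), run against two stand-in functions. Both functions are assumptions made for illustration: weak_hash is a constructed 72-bit "home-grown" hash, and strong_hash is SHA-256 truncated to 72 bits; neither is the unknown hash from the question.

```python
import hashlib

OUT_BITS = 72  # same width as the 9-byte value discussed in the thread

def strong_hash(data: bytes) -> bytes:
    # Assumption: SHA-256 truncated to 72 bits stands in for a well-designed hash.
    return hashlib.sha256(data).digest()[:9]

def weak_hash(data: bytes) -> bytes:
    # Constructed "home-grown" hash: reads only 8 characters, almost no diffusion.
    out = bytearray(9)
    for i, b in enumerate(data[:8]):
        out[i] ^= b
        out[8] = (out[8] + b) & 0xFF
    return bytes(out)

def bits_changed(a: bytes, b: bytes) -> int:
    # Hamming distance between two equal-length outputs.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(hash_fn, msg: bytes) -> float:
    """Mean number of output bits that change per single-bit input flip."""
    base = hash_fn(msg)
    total = 0
    for i in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[i // 8] ^= 1 << (i % 8)
        total += bits_changed(base, hash_fn(bytes(flipped)))
    return total / (len(msg) * 8)

def chars_considered(hash_fn, msg: bytes) -> list:
    """Positions whose character influences the output (low bit toggled)."""
    base = hash_fn(msg)
    hits = []
    for i in range(len(msg)):
        changed = bytearray(msg)
        changed[i] ^= 0x01
        if hash_fn(bytes(changed)) != base:
            hits.append(i)
    return hits

if __name__ == "__main__":
    for name, fn in (("weak", weak_hash), ("strong", strong_hash)):
        diff = bits_changed(fn(b"password1"), fn(b"qassword1"))
        mean = avalanche(fn, b"password1")
        used = chars_considered(fn, b"password1234")
        print(f"{name}: qassword1 diff={diff} mean={mean:.1f}/{OUT_BITS} chars used={used}")
```

The weak function gives the same output for 'password1' and 'password2' and changes only a handful of bits for 'qassword1', while the truncated SHA-256 changes roughly half of its 72 bits.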
  
