Vulnerability Development mailing list archives

RE: Password Cracking Challenge...


From: "David Schwartz" <davids () webmaster com>
Date: Mon, 28 Jul 2003 13:40:36 -0700


Below is a list of passwords (case sensitive) together
with the encrypted password, is it possible to
determine the algorithm used to hash the passwords
with this sample?

If so, what would the hash be for the password: Fir88x!t

QUALITY - 52C52E2CC668FD2C0000000000000000

Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1

Password123 - D5FBB0C7C20D9CE7DBFA06AF253CC5C9

Password2 - D5FBB0C7C20D9CE728B6D2DC010F626F

Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5

Cr@ckM3! - FECC4F25D07CD6890000000000000000

        Two things:

        1) You should have hashed a few of the shortest possible passwords, like
'a' and 'b' if the program would allow you to. At minimum, you should have
hashed passwords that are much more similar, like 'foo0' and 'foo1', or
ideally '0' and '1'. You have no passwords that differ by only one
character.

        2) You need to tell people what it is they're working on. If we're going to
help you compromise the security of something, we need to know what it is.
You don't mention whether this is an algorithm you constructed just for this
challenge or whether it's a real algorithm.

        Also, it's obvious that the program divides the password into two portions
and does a 64-bit hash of each. So the problem reduces to figuring out what
64-bit hashing function that is.

        DS
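
The two-portion observation in the reply above can be checked directly against the posted samples. This is an added example, not part of the original message: the function names are hypothetical, and the split point it reports is an inference from these six samples only.

```python
from itertools import combinations

# Password/hash pairs copied from the message above.
SAMPLES = {
    "QUALITY": "52C52E2CC668FD2C0000000000000000",
    "Password321": "D5FBB0C7C20D9CE74407A5B354A6D6F1",
    "Password123": "D5FBB0C7C20D9CE7DBFA06AF253CC5C9",
    "Password2": "D5FBB0C7C20D9CE728B6D2DC010F626F",
    "Pa$$word321": "8C4A8322764A87E62F90455FEA1F23B5",
    "Cr@ckM3!": "FECC4F25D07CD6890000000000000000",
}

def split_halves(digest):
    """Split a 32-hex-digit value into its two 64-bit halves."""
    if len(digest) != 32:
        raise ValueError("expected 32 hex digits")
    int(digest, 16)  # raises ValueError on non-hex input
    return digest[:16], digest[16:]

def shared_first_halves(samples):
    """Map each first half seen more than once to the passwords that produced it."""
    groups = {}
    for pw, digest in samples.items():
        groups.setdefault(split_halves(digest)[0], []).append(pw)
    return {h: sorted(p) for h, p in groups.items() if len(p) > 1}

def empty_second_half(samples):
    """Passwords whose second half is all zero bits."""
    return sorted(pw for pw, d in samples.items() if int(split_halves(d)[1], 16) == 0)

def consistent_boundaries(samples, max_len=16):
    """Split points n that fit the samples (an inference from this data only):
    equal first halves exactly when the first n characters match, and a zero
    second half exactly when the password has at most n characters."""
    fits = []
    for n in range(1, max_len + 1):
        prefix_ok = all(
            (a[:n] == b[:n]) == (split_halves(samples[a])[0] == split_halves(samples[b])[0])
            for a, b in combinations(samples, 2))
        zero_ok = all(
            (len(pw) <= n) == (int(split_halves(d)[1], 16) == 0)
            for pw, d in samples.items())
        if prefix_ok and zero_ok:
            fits.append(n)
    return fits

if __name__ == "__main__":
    print(shared_first_halves(SAMPLES), empty_second_half(SAMPLES), consistent_boundaries(SAMPLES))
```

A scheme with this structure reveals from the stored value alone whether a password fits in the first portion, and which accounts share a leading portion.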


