Vulnerability Development mailing list archives
RE: Password Cracking Challenge...
From: "David Schwartz" <davids () webmaster com>
Date: Mon, 28 Jul 2003 13:40:36 -0700
Below is a list of password (case sensitive) together with the encrypted password, is it possible to determine the algorithm used to hash the passwords with this sample? If so, what would the hash for the password: Fir88x!t QUALITY - 52C52E2CC668FD2C0000000000000000 Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1 Password123 - D5FBB0C7C20D9CE7DBFA06AF253CC5C9 Password2 - D5FBB0C7C20D9CE728B6D2DC010F626F Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5 Cr@ckM3! - FECC4F25D07CD6890000000000000000
Two things: 1) You should have hashed a few of the shortest possible passwords, like 'a' and 'b' if the program would allow you to. At minimum, you should have hased passwords that are much more similar, like 'foo0' and 'foo1', or ideally '0' and '1'. You have no passwords that differ by only one character. 2) You need to tell people what it is they're working on. If we're going to help you compromise the security of something, we need to know what it is. You don't mention whether this is an algorithm you constructed just for this challenge or whether it's a real algorithm. Also, it's obvious that the program divides the password into two portions and does a 64-bit hash of each. So the problem reduces to figuring out what 64-bit hashing function that is. DS
Current thread:
- Password Cracking Challenge... Ronish Mehta (Jul 28)
- RE: Password Cracking Challenge... David Schwartz (Jul 28)
- <Possible follow-ups>
- Re: Password Cracking Challenge... Justin Pryzby (Jul 28)
- Re: Password Cracking Challenge... David Riley (Jul 28)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 28)
- Re: Password Cracking Challenge... Vizzy (Jul 28)
- Re: Password Cracking Challenge... Ronish Mehta (Jul 31)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 31)