Vulnerability Development mailing list archives
Re: Password Cracking Challenge...
From: Ronish Mehta <sf_mail_sbm () yahoo com>
Date: Wed, 30 Jul 2003 22:19:39 -0700 (PDT)
--- David Schwartz <davids () webmaster com> wrote:
Two things: 1) You should have hashed a few of the shortest possible passwords, like 'a' and 'b' if the program would allow you to. At minimum, you should have hased passwords that are much more similar, like 'foo0' and 'foo1', or ideally '0' and '1'. You have no passwords that differ by only one character.
Application does not allow to put smaller passwords Password0 - D5FBB0C7C20D9CE79D3B837BD6FB3505 Password3 - D5FBB0C7C20D9CE7B872B3A0BD587B8D Password4 - D5FBB0C7C20D9CE7BE369511C82DD666 Password5 - D5FBB0C7C20D9CE75B475FA1726B4870
2) You need to tell people what it is they're working on. If we're going to help you compromise the security of something, we need to know what it is. You don't mention whether this is an algorithm you constructed just for this challenge or whether it's a real algorithm.
This is a real algorithm. It is used in a small application used at the company I work for, I posted this because i need to make a password audit for weak passwords, I have full access to the database this is how i get access to the hashes! We do not have access to the source code, so i can;t figure out the algorithm __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Current thread:
- Password Cracking Challenge... Ronish Mehta (Jul 28)
- RE: Password Cracking Challenge... David Schwartz (Jul 28)
- <Possible follow-ups>
- Re: Password Cracking Challenge... Justin Pryzby (Jul 28)
- Re: Password Cracking Challenge... David Riley (Jul 28)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 28)
- Re: Password Cracking Challenge... Vizzy (Jul 28)
- Re: Password Cracking Challenge... Ronish Mehta (Jul 31)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 31)