WebApp Sec mailing list archives

RE: Securing encrypted data in RAM vs MSSQL


From: Dean Saxe <Dean.Saxe () DigitalInsight com>
Date: Thu, 1 Jul 2004 13:34:33 -0400

Shouldn't a salt value added to the plaintext before hashing effectively
make this kind of a dictionary attack much more difficult, if not
impossible, to perform since you would have to recover the salt and
plaintext?

-dhs

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga]
Sent: Thursday, July 01, 2004 1:19 PM
To: Toro, Daniel; Stan Guzik; Dave Andrews; webappsec () securityfocus com;
forensics () securityfocus com
Subject: RE: Securing encrypted data in RAM vs MSSQL


Well, there is always a way to recover the real password or login from a
hash... the matter is the time it will take!


The method to "dehash" a hash is quite simple: as theoretically a hash_1 can
be produced by a single pass_1/login_1/..., we can create a huge amount of
random pass_2/logins_2/..., hash them with MD5/SHA-1/... and then compare
each of them with our hash_1. As soon as the two hashes are the same, we can pick
up the pass/login/... which produced hash_2. Quite simple but really long to
perform.

BTW, Cain & Abel, John the Ripper and Crack can perform such recoveries...
:)
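
Added example, not part of either post: a sketch of what a per-user salt changes for the stored values discussed above, next to a bare SHA-1 of the password. It assumes the salt is stored alongside the hash, as is usual, and adds a slow KDF (PBKDF2) so each guess costs more; the wordlist, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; not taken from the thread.
WORDLIST = ["letmein", "password", "summer2004", "qwerty"]

def unsalted_sha1(password):
    """Bare hash of the password: the same input always gives the same value."""
    return hashlib.sha1(password.encode()).hexdigest()

def build_lookup_table(words):
    """Precompute hash -> word once; the table is reusable against every unsalted hash."""
    return {unsalted_sha1(w): w for w in words}

def hash_password(password, salt=None, iterations=100_000):
    """Random per-user salt plus PBKDF2-HMAC-SHA256; all three values are stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def demo():
    table = build_lookup_table(WORDLIST)
    # Two users who chose the same weak password.
    alice_plain = unsalted_sha1("summer2004")
    bob_plain = unsalted_sha1("summer2004")
    alice = hash_password("summer2004")
    bob = hash_password("summer2004")
    return {
        # Unsalted: equal stored values, and one table lookup reveals both.
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_in_table": table.get(alice_plain),
        # Salted: stored values differ and the precomputed table no longer applies.
        "salted_identical": alice[2] == bob[2],
        "salted_in_table": table.get(alice[2].hex()),
        "verify_ok": verify_password("summer2004", *alice),
        "verify_wrong": verify_password("qwerty", *alice),
    }
```

The salt removes precomputation and hides which accounts share a password; a weak password can still be guessed per account once the salt is known, which is why the iteration count matters.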

