Open Source and information security mailing list archives
Date: Sat, 06 Oct 2007 15:25:33 +0300
From: Nikolay Kichukov <hijacker@...um.net>
To: full-disclosure@...hmail.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: password hash

Nice explanation Vladis, thanks!

Cheers,
-Nikolay

full-disclosure@...hmail.com wrote:
> Wow Vladis shut the fuck up
>
> On Fri, 05 Oct 2007 10:35:36 -0400 Valdis.Kletnieks@...edu wrote:
>
>> On Thu, 04 Oct 2007 22:22:14 EDT, Brian Toovey said:
>>
>>> Does anyone know what kind of password hash this is?
>>> 'password1' =
>>> &c6;Ub&c3;&ab;&19;a&cf;&86;
>>
>> Hex format would be less likely to be mis-parsed. I'm *guessing* you
>> mean the hash is x'c65562c3 ab1961cf 86' - which is slightly odd, being
>> 72 bits long. A salted 64-bit hash, perhaps? Or it might be some
>> home-grown hash that somebody invented.
>>
>> If you know what 'password1' hashes to, it's time to do some differential
>> cryptography and try hashing 'password2', 'password11', 'passwor111', and
>> so on, to determine how many input characters the hash considers. The
>> next thing to try is hashing 'qassword1' (which has one bit different
>> from 'password1') and seeing how many of the output bits change, which
>> will tell you the relative strength of the hash. A good hash will have
>> about half the bits change on a one-bit difference (and continuing
>> through q, r, s, t and so on won't reveal any pattern of *which* bits
>> change), while a bad hash will fail to cause a bit cascade and only a
>> few bits will be different in the output.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
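
The bit-change and input-length tests described in the quoted reply, as an added example that is not part of the original thread. `weak_hash` is a constructed stand-in for a home-grown hash, SHA-256 cut to 72 bits stands in for a well-mixed hash of the length guessed above, and all function names are assumptions.

```python
import hashlib

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def strong_hash(pw: bytes) -> bytes:
    # Stand-in for a well-mixed hash: SHA-256 cut to 72 bits (assumption).
    return hashlib.sha256(pw).digest()[:9]

def weak_hash(pw: bytes) -> bytes:
    # Constructed "home-grown" hash: copies the first 8 input bytes and
    # appends a 1-byte sum, so there is almost no mixing between bits.
    head = pw[:8].ljust(8, b"\0")
    return head + bytes([sum(head) & 0xFF])

def avalanche(h, base: bytes, variants) -> list:
    """Bits that change relative to h(base) for each variant input."""
    ref = h(base)
    return [bits_changed(ref, h(v)) for v in variants]

def chars_considered(h, probe: bytes) -> int:
    """Count input positions whose modification changes the hash at all."""
    ref = h(probe)
    hits = 0
    for i in range(len(probe)):
        mutated = probe[:i] + bytes([probe[i] ^ 1]) + probe[i + 1:]
        hits += h(mutated) != ref
    return hits

BASE = b"password1"
# 'q' differs from 'p' in one bit; r, s, t continue the series from the post.
VARIANTS = [c + b"assword1" for c in (b"q", b"r", b"s", b"t")]

if __name__ == "__main__":
    for name, h in (("strong", strong_hash), ("weak", weak_hash)):
        print(name, "bits changed of 72:", avalanche(h, BASE, VARIANTS),
              "| input chars considered:", chars_considered(h, BASE))
```

The well-mixed hash changes roughly half of its 72 output bits for every variant and reacts to all nine input characters; the constructed weak one changes only a handful of bits and ignores the ninth character, so 'password1' and 'password2' collide.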