Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20060119115546.GB9014@radio.m-a-g.net>
Date: Thu, 19 Jan 2006 03:55:46 -0800
From: Arias Hung <arias@...-g.net>
To: john-users@...ts.openwall.com
Subject: Re:  Re: salt manipulation

On Wed, 18 Jan 2006, Radim Horak delivered in simple text monotype:

>The salt string "BA" is not encrypted independently, it is not encrypted at all. 
>It is just used to change the password (those 8 characters) before encryption. 
---snip--->

Ahh.  Okay.  D0h ... if it's not encrypted then that kind of makes it lose its luster. :/

>
>I can generate hash with BA salt from ANY password and that's why it does NOT 
>get me one step closer to the second uncracked password - it could be anything.
>(ie. BAJ1ztYH0JZkM: anything, BAEtYMKB40o5E: 4NYtH|N6 :)
>
>IF salts were helpful in cracking passwords, anybody could generate any password 
>with all 4096 salts (hashes) - and he would then SOMEHOW crack all other 
>passwords more easily??? This is complete NONSENS!
<---snap

Ah yes, seeing the salts as what they are now, this is only too true.  

>And, btw. I think the proper hash of "RnrfFdnc" with "BA" salt is 
>"BA8wXEAXrXU9Y" :)

Actually, i think it's BAPhQBwB0JjUM.  If only I could determine the key for the hash BA8wXEAXrXU9Y. :)
Thank you for your prompt reply.


Back to the drawing board.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.