--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
Ok.
Well yes, JTR could recognize it as FreeBSD 32/32. But it's taking a hell of a lot of time, even on the Xeon server.
Because AFAICS, it's not utilizing all the cores of the CPU.
My question is, what could be the best possible way to crack those hashes?
-
TAS
http://twitter.com/p0wnsauc3
Hello Yash,
On Mon, Aug 8, 2011 at 3:44 PM, Yash Kadakia <tecc...@gmail.com> wrote:
> It really comes down to how the password has been salted. There are n number of ways in which developers could salt the password for e.g.:
> - md5(password + salt)
> - md5(salt + password)
> - md5(pass + salt +word)
> - md5(md5(password) + md5(salt))
> - and a million other such combinations
Cool. Very comprehensive.
But it's a FreeBSD-style md5 hash + salt combination, which is commonly used to store passwords in Linux.
So which of those mentioned must have been used in Unix/Linux OSes?
> Additionally the contents of the salt could also realistically be anything. With this level of variation, the only real options you have are:
> - Raw brute force
It would take a hell of a lot of time.
> - Reverse engineering the salted hash via a known password
Could you be more descriptive?
> - Identifying the hashing process
I could not find the technique used in most *Nix OSes (or maybe I'm not using the proper keywords ;-) ).
But it would be great if someone knows it.
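Added example (not part of the thread and not any poster's code): the `$1$` "FreeBSD MD5" format discussed above is md5crypt, an iterated construction rather than a single md5(salt + password) call, and the scheme can be identified from the prefix of the stored string alone. The sketch below audits shadow-style lines for accounts still on weak schemes; the sample lines, account names and the accept/reject policy are constructed assumptions.

```python
import re

# Modular crypt format id -> (scheme, acceptable under this example's assumed policy)
SCHEMES = {
    "1": ("md5crypt", False),  # FreeBSD-style MD5: fixed 1000 iterations, deprecated
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True), "6": ("sha512crypt", True), "y": ("yescrypt", True),
}
MCF = re.compile(r"^\$([0-9a-z]+)\$(.*)$")

def identify(field):
    """Classify the password field of one shadow / master.passwd entry."""
    if field == "":
        return {"scheme": "empty password", "ok": False}
    if field[0] in "!*":
        return {"scheme": "locked/none", "ok": True}
    m = MCF.match(field)
    if not m:
        # No $id$ prefix and 13 crypt-alphabet characters: traditional DES crypt
        des = re.fullmatch(r"[./0-9A-Za-z]{13}", field)
        return {"scheme": "descrypt" if des else "unknown", "ok": False}
    ident, rest = m.groups()
    name, ok = SCHEMES.get(ident, ("unknown $%s$" % ident, False))
    info = {"scheme": name, "ok": ok}
    parts = rest.split("$")
    if ident in ("5", "6") and parts[0].startswith("rounds="):
        info["rounds"] = int(parts[0][len("rounds="):])
        parts = parts[1:]
    if ident in ("1", "5", "6") and len(parts) == 2:
        info["salt"], info["digest_len"] = parts[0], len(parts[1])
    return info

def audit(shadow_text):
    """Return (user, scheme) for each account whose hash scheme should be migrated."""
    weak = []
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        user, field = line.split(":")[:2]
        result = identify(field)
        if not result["ok"]:
            weak.append((user, result["scheme"]))
    return weak

# Constructed sample: placeholder digests, not real hashes
SAMPLE = "\n".join([
    "root:$6$rounds=10000$c0nstructed$" + "A" * 86 + ":15194:0:99999:7:::",
    "webadmin:$1$c0nstruc$" + "B" * 22 + ":15194:0:99999:7:::",
    "daemon:*:15194:0:99999:7:::",
])
if __name__ == "__main__":
    print(audit(SAMPLE))
```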
It really comes down to how the password has been salted. There are n number of ways in which developers could salt the password for e.g.:
- md5(password + salt)
- md5(salt + password)
- md5(pass + salt +word)
- md5(md5(password) + md5(salt))
- and a million other such combinations
Additionally the contents of the salt could also realistically be anything. With this level of variation, the only real options you have are:
- Raw brute force
- Reverse engineering the salted hash via a known password
- Identifying the hashing process
Yash Kadakia
Office: +91-022-23532909
Office: +1-347-99-ITSEC (+1-347-994-8732)
Mobile: +91-9833375290
Blog: http://www.yashkadakia.com/