+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: unbruteforceabe hash? (/thread-1132.html)
unbruteforceabe hash? - matafor - 04-30-2012
Hi Folks!
I'm thinking about using a software with the following hash-algorithm: sha1(salt+sha1(salt+pass+salt))
I wanted to check if this algorithm is secure.
As far as I can say, no Bruteforce-Software supports such a algorithm, right? So you would say this method is secure?
thanks!
RE: unbruteforceabe hash? - unix-ninja - 04-30-2012
(04-30-2012, 09:45 PM)matafor Wrote: Hi Folks!
I'm thinking about using a software with the following hash-algorithm: sha1(salt+sha1(salt+pass+salt))
I wanted to check if this algorithm is secure.
As far as I can say, no Bruteforce-Software supports such a algorithm, right? So you would say this method is secure?
thanks!
No. especially since you have just posted this, it would be absolutely trivial to add this algorithm to a bruteforcer (or write your own).
Additionally, even if you don't divulge the combination, that doesn't guarantee someone can't figure it out, one way or another.
It may help to keep the script-kiddies out, but nothing is unbreakable.
RE: unbruteforceabe hash? - M@LIK - 04-30-2012
a similar algorithm, in fact more secure is already bruteforceable :: sha1($salt.sha1($salt.sha1($pass)))
RE: unbruteforceabe hash? - james123 - 04-30-2012
![[Image: Facepalm-Picard-360x360.jpg]](http://www.technobuffalo.com/wp-content/uploads/2012/01/Facepalm-Picard-360x360.jpg)
Read up on security through minority.
Then, once you have realized how silly it is to try to reinvent the wheel by out-smartening ones designed by cryptography geniuses;
Look at the preexisting algorithms available for you.
More specifically crypt(sha512) or bcrypt().
RE: unbruteforceabe hash? - undeath - 05-01-2012
see here: https://hashcat.net/forum/thread-1066.html