09-07-2025, 09:26 AM
(This post was last modified: 09-09-2025, 05:10 PM by Chick3nman.)
For DEScrypt hashes, the first 2 characters are a "salt" and the following 11 characters are the actual "hash". The resulting outputs should always be 13 characters.
The above outputs are 14 characters long. Both seem to have the same "salt" portion, "c6", followed by a "[" and then a different hash. This would seemingly indicate reuse of the salt but different passwords. All of the other hashes appear to be the correct length and have the same salts and hashes (ignoring the ones that don't appear in both like "stunnel"). This would lead me to believe that the "[" is simply added into the root hash for some reason, possibly to invalidate it or possibly because it follows a noncompliant/different/custom algorithm and format. Best guess would be just to remove the "[" and try both of the root accounts and see if either crack with the salt that's present.
Edit: I made a mistake when checking the lengths of these hashes, my original theory no longer holds up and I'm not sure what these are yet.
Code:
c6[YgflxsopH3
c6[PGXUxuoBd2The above outputs are 14 characters long. Both seem to have the same "salt" portion, "c6", followed by a "[" and then a different hash. This would seemingly indicate reuse of the salt but different passwords. All of the other hashes appear to be the correct length and have the same salts and hashes (ignoring the ones that don't appear in both like "stunnel"). This would lead me to believe that the "[" is simply added into the root hash for some reason, possibly to invalidate it or possibly because it follows a noncompliant/different/custom algorithm and format. Best guess would be just to remove the "[" and try both of the root accounts and see if either crack with the salt that's present.
Edit: I made a mistake when checking the lengths of these hashes, my original theory no longer holds up and I'm not sure what these are yet.