Looking to Learn
#3
(03-20-2013, 02:54 AM)aromond Wrote: Is there any fundamental place to start? Any readings or documentation that you think would be helpful would be greatly appreciated.

This article is a good general summary of the current state of the art in password cracking. Start there and read more of the bits that interest you.

(03-20-2013, 02:54 AM)aromond Wrote: How do encryption engines use salts?

The salt is applied into the hashing algorithm, along with the password, when the hash is generated.

(03-20-2013, 02:54 AM)aromond Wrote: How do you crack hashes when salts are used?

You know how hashed passwords are cracked right? Basically, candidate passwords are run through the hashing algorithm and the result is compared with the captured hash. If the values match, then the candidate password is the one used to generate your captured hash.

Extrapolate from this - with salted hashes feed your candidate password AND the appropriate salt (which, as epixoip mentioned above is NOT secret) into the algorithm. If the resulting hash matches...

(03-20-2013, 02:54 AM)aromond Wrote: Do you need to know the salt to crack a hash?

Short answer: Yes. Longer answer: Technically the answer is algorithm dependent - some algorithms may have weaknesses that allow the password to be deduced without the salt. You would need to conduct some cryptanalysis on the algorithm to determine if this was feasible. It generally won't be, though.

(03-20-2013, 02:54 AM)aromond Wrote: How do you tell what type of hash it is by looking at it?

Length and format provide clues (they at least narrow down possibilities). The location where you sourced the hash from really provides the definitive answer though. Got the hash from the SAM on a Windows system? Then it's in LM and NTLM format. Etc.

(03-20-2013, 02:54 AM)aromond Wrote: Any pointers on good resources to learn more would be greatly appreciated. If you have any info just let me know.

If you're serious about learning this in depth, the very best way to do it would be to implement even just a basic hash generator (e.g. you put in a password and it spits out the hash) for your format of choice in code. It helps you to really grok what's going on.

Also, grab some of the leaked password lists from the 'Net (check out this for example), as well as the various common password lists and do some frequency analysis on them. How long, what characters are most frequently used and in which positions, etc. I vaguely remember a ruby tool out there used to do this, however I wrote my own when I went through this process. Once you understand this Hashcat has some funky mask options which can really increase your cracking efficiency.

Also, have a look at the mangling rules in john the ripper to understand what they do and why they work.
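As an added example (not from this thread or any of its posters), here is the kind of minimal salted hash generator and verifier the reply suggests writing: the salt is stored in the clear next to the digest, recomputing the digest for a candidate requires that salt, and the same password under two salts gives two different records. The `$sha256$<salt>$<digest>` record format and the function names are assumptions made for this example only.

```python
"""Minimal salted-hash generator and checker (illustrative, SHA-256 only).
The record layout "$sha256$<hex salt>$<hex digest>" is an assumption for
this example, not the format of any real password store."""
import hashlib
import hmac
import os
from typing import Iterable, Optional


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password with a salt and return the storable record.

    The salt is not a secret: it is written into the record alongside the
    digest so that the verifier can reproduce the same computation later.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return f"$sha256${salt.hex()}${digest}"


def verify(record: str, candidate: str) -> bool:
    """Recompute the digest for a candidate using the record's own salt."""
    _, algorithm, salt_hex, stored_digest = record.split("$")
    if algorithm != "sha256":
        raise ValueError(f"unsupported algorithm: {algorithm}")
    salt = bytes.fromhex(salt_hex)
    recomputed = hashlib.sha256(salt + candidate.encode("utf-8")).hexdigest()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(recomputed, stored_digest)


def unsalted_digest(candidate: str) -> str:
    """SHA-256 of the bare password, to show it never matches a salted record."""
    return hashlib.sha256(candidate.encode("utf-8")).hexdigest()


def audit_record(record: str, weak_passwords: Iterable[str]) -> Optional[str]:
    """Check a stored record against a list of known-weak passwords.

    This is the candidate-plus-salt loop described in the reply, used the way
    a defender would: to find accounts that still use a banned password.
    """
    for candidate in weak_passwords:
        if verify(record, candidate):
            return candidate
    return None
```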

