05-10-2014, 01:55 PM
(05-10-2014, 10:13 AM)personguy Wrote: In the wiki example, how does the salt factor in? As the password is "hashcat" is the hex before the ':' separator equal to md5(1234.hashcat.1234)? Is that correct?Yes.
(05-10-2014, 10:13 AM)personguy Wrote: In that case, what about two different salts (salt1 and salt2, as it were)? At the moment I am specifically looking at the authentication in a router, where the salt shows up in JSON format (\111\330\ etc.), which I can convert to UTF-8 or hex.You can't use 2 different salts with that hash type, you would need to use either -m 10 and prepend the other salt or -m 20 and append the other salt.
(05-10-2014, 10:13 AM)personguy Wrote: The salt(s) change with each password attempt, but I can view the salt(s) that belong with a given hash.Are you sure of this ? I doubt the salt(s) would change with each password attempt, or do you mean "password change" by "password attempt" ? In that case yes, whenever you change your password a new salt is generated.
(05-10-2014, 10:13 AM)personguy Wrote: Converting the JSON format salt to hex gives me a total of another 34 bits (salt1=2 bits, salt2=32). Much more than four digits (i.e. 1234)! Given that the wiki examples are indicative of exact appropriate lengths, it seems like the salt in this case must be four digits long.At least for this hash type (aswell a bunch of other ones) the salt length can vary, it's just an example.
(05-10-2014, 10:13 AM)personguy Wrote: Am I thinking about salts all wrong? I thought I had a pretty good grasp on this, but a four-digit salt here doesn't fit with what I thought I understood.http://en.wikipedia.org/wiki/Salt_(cryptography)