sha-1 with salt cracking issue
#7
(07-02-2013, 09:29 AM)philsmd Wrote: The algorithm could use and do literally everything.
I mean, it could iterate a random number of times (and store the number in salt), it could split the salt and prefix/suffix it, append it, suffix it, transform it first etc etc etc

If it is your app, you should be able to check what it does AND know what it does, otherwise there is sth strange happening here.
Our focus should also remain on recovering passwords and not instead blindly guess what an app could possibly do. Of course, sometimes this job also needs to be done, but *not* if it is an app/code under your control.

Furthermore, it seems that before your changes the salt wasn't *at all* numeric (instead it seemed to be (I think) 4 hex chars)... so I am totally confused what you are trying to do here, why you changed the salt format and why one should *crack the algorithm* under his control

Sorry my head is in vacation mode, the first paste was from when i had tested to convert it to hex and see if that was the reason. But yes you are right it's going to be rather hard to know whats going on without the source and im just gonna wait till i get back to work where i can review the code. Thanks for the answers so far though Smile


Messages In This Thread
sha-1 with salt cracking issue - by johnreich - 07-01-2013, 07:37 PM
RE: sha-1 with salt cracking issue - by philsmd - 07-01-2013, 07:48 PM
RE: sha-1 with salt cracking issue - by johnreich - 07-01-2013, 08:29 PM
RE: sha-1 with salt cracking issue - by philsmd - 07-01-2013, 08:38 PM
RE: sha-1 with salt cracking issue - by johnreich - 07-02-2013, 08:13 AM
RE: sha-1 with salt cracking issue - by philsmd - 07-02-2013, 09:29 AM
RE: sha-1 with salt cracking issue - by johnreich - 07-02-2013, 11:39 AM