Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Jan 2006 23:40:40 +0000 (UTC)
From:  Radim Horak <>
Subject:  Re: salt manipulation

 <arias@...> writes:

> For the sake of simplicity let's say i have two password files, each 
containing precisely one entry each
> (root), that live on machines of exactly identical architecture.  Each has a 
hash string containing
> identical salts that represent an 8 character password of type Alpha.  For 
> root:BAwwEI4sOsa8k:0:0:Root,,,:/:/bin/sh    -machine A
> root:BAPhQBwB0JjUM:0:0:Root,,,:/:/bin/sh    -machine B
> After running john for some time, john guesses correctly machine B's password.
> BAPhQBwB0JjUM :  RnrfFdnc
> Since the encrypted DES 13 character ascii string is obtained from a 56 bit 
key comprised from the lowest
> seven bits of each of the 8 characters of the password, and both ecrypted DES 
13 character ascii strings
> share the same salt (BA) in this case, would this not then be of potential to 
refine the guesswork for
> machine A's 13 character ascii string?

> Or are you saying that despite sharing the salt's alpha notation of letter B 
and letter A in both instances,
> that they represent completely different values?  I'm not sure I see how that 
is the case if the encrypted
> strings are obtained by the same means ... namely by the 56 bit key that 
repeatedly encrypts a string
> constant obtained from the 7 lowest bits of the actual password.
> Is any of this making any sense?

As I said earlier: Cracking password with certain hash (BA) helps in NO WAY to 
crack different password with the same salt. Moreover, if you are cracking only 
1 password, it is irrelevant if it uses salt or not. And the machine and it's 
architecture is also irrelevant. Salts do NOT reduce complexity, they increase 

The salt string "BA" is not encrypted independently, it is not encrypted at all. 
It is just used to change the password (those 8 characters) before encryption. 

I can generate hash with BA salt from ANY password and that's why it does NOT 
get me one step closer to the second uncracked password - it could be anything.
(ie. BAJ1ztYH0JZkM: anything, BAEtYMKB40o5E: 4NYtH|N6 :)

IF salts were helpful in cracking passwords, anybody could generate any password 
with all 4096 salts (hashes) - and he would then SOMEHOW crack all other 
passwords more easily??? This is complete NONSENS!

In your example you can only guess the second password more easily if it's 
similar to the first password (ie. based on the knowledge of this person's 
strategy on creating passwords) AND if you know in what way they are similar. 
The shared salt has nothing to do with it.

And, btw. I think the proper hash of "RnrfFdnc" with "BA" salt is 
"BA8wXEAXrXU9Y" :)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.