Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jan 2006 03:55:46 -0800
From: Arias Hung <>
Subject: Re:  Re: salt manipulation

On Wed, 18 Jan 2006, Radim Horak delivered in simple text monotype:

>The salt string "BA" is not encrypted independently, it is not encrypted at all. 
>It is just used to change the password (those 8 characters) before encryption. 

Ahh.  Okay.  D0h ... if it's not encrypted then that kind of makes it lose its luster. :/

>I can generate hash with BA salt from ANY password and that's why it does NOT 
>get me one step closer to the second uncracked password - it could be anything.
>(ie. BAJ1ztYH0JZkM: anything, BAEtYMKB40o5E: 4NYtH|N6 :)
>IF salts were helpful in cracking passwords, anybody could generate any password 
>with all 4096 salts (hashes) - and he would then SOMEHOW crack all other 
>passwords more easily??? This is complete NONSENS!

Ah yes, seeing the salts as what they are now, this is only too true.  

>And, btw. I think the proper hash of "RnrfFdnc" with "BA" salt is 
>"BA8wXEAXrXU9Y" :)

Actually, i think it's BAPhQBwB0JjUM.  If only I could determine the key for the hash BA8wXEAXrXU9Y. :)
Thank you for your prompt reply.

Back to the drawing board.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.