|
Message-ID: <20120605061340.GB15861@openwall.com> Date: Tue, 5 Jun 2012 10:13:40 +0400 From: Solar Designer <solar@...nwall.com> To: Dmitriy Serebryannikov <DSerebryannikov@...ecurity.ru> Cc: Aleksey Cherepanov <aleksey.4erepanov@...il.com>, hashrunner <hashrunner@...ecurity.com>, john-users@...ts.openwall.com Subject: Re: where are the salts? On Tue, Jun 05, 2012 at 10:06:50AM +0400, Solar Designer wrote: > While empty username for DCC2 hashes is weird and unlikely to be seen in > the wild (but I don't rule out the possibility), there's no such thing > as empty salt for phpass hashes that phpBB3 and WordPress use. Those > 27-char strings, if put into a user database of phpBB3 or WordPress, > would probably not allow one to log in with any password at all - so > wouldn't it be correct to say that no password matches them? ;-) I meant 26-char. The full/correct phpass hash encodings are 34-char. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.