|
Message-ID: <CANnLRdi+0P_jZ8UjAKXTGgnpLZ8Xksc37gNM_rezbXOtqx6f=w@mail.gmail.com> Date: Wed, 6 Jun 2012 12:09:47 -0600 From: Stephen John Smoogen <smooge@...il.com> To: john-users@...ts.openwall.com Subject: Re: Salted Sha-1 Quetsions On 6 June 2012 11:42, . . <topfirsthill@...mail.com> wrote: > > I'm just getting my feet wet here and have a couple of questions... Are Sha-1 hashes case-sensitive? I've been running JTR for a couple days now, and just realized I used lower-case letters where the Hash was actually in all-caps. Does JTR handle salted sha-1 hashes well? It's been two days, and JTR seems to be on passwords up to 8 char... Does this mean adding just one other character will cause the crack time to increase to months? Thanks! There are several different "SHA-1 hashes" around. I am guessing you are meaning the 40 character ones like facb44fa274bc8830e6119de2a9db2ab3dc25164 All this is basically a hash of the word using a sha1 hash item. In this case the hash itself is case-sensitive so no.password will hash to what I had before but No.Password will hash to something else. Now some websites and such will uppercase or lowercase a password before it is sent to any hash algorithm so both of those would end up being hashed to NO.PASSWORD whether you typed one or the other. If you are wanting to make an upper case .char set instead of using the lowercase alpha that john gives, you can run your dictionaries through an uppercase converter and then do a make-charset from those. It can be useful in cases like this. In the answer to your question, yes every additional letter makes the exhaustive search of a hash to be X times longer (where X is equal to the number of characters in the set being searched.) This is why using dictionaries and rules work best for long passwords.. even your fastest processors are going to take years to exhaust a 10 character 96 character space of SHA-1 hashes. -- Stephen J Smoogen. "The core skill of innovators is error recovery, not failure avoidance." Randy Nelson, President of Pixar University. "Years ago my mother used to say to me,... Elwood, you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.