Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d9b5fc8a-8ce4-0927-71da-379fad175163@openwall.net>
Date: Wed, 20 Jul 2016 16:18:11 -0500
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: need to find salt

On 7/20/2016 2:34 PM, Joe Konecny wrote:
> I have a salted MD5 hash.  I have the string that was hashed I just want
> to find the salt.  I don't know the salt size or location.

Without knowing anything about the salting method, it will simply be a 
trial and error way of proceeding.  If you 'knew' that the algorithm was 
md5($p.$s) and $s was a ascii string of 8 characters, then you have a 
better target (but a pretty large universe of candidates).  If you know 
that it is md5($p.$s) and $s is 16 character lower case hex values, then 
again you can target that.  If you find the salt is 32 bytes of random 
binary data, then you might as well give up finding the salt.

I tested all binary data, from 1 to 4 bytes for md5($s.$p) and 
md5($p.$s) and the salt was not found.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.