1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

NVIDIA Forums Hack: Passwords Not Salted

Discussion in 'News' started by btarunr, Jul 16, 2012.

  1. Widjaja

    Widjaja

    Joined:
    Jun 12, 2007
    Messages:
    4,819 (1.81/day)
    Thanks Received:
    636
    Location:
    Wangas, New Zealand
    Unsalted hash passwords.....
     
  2. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.97/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    Not sure what your implying here, Widj. Care to elaborate?
     
  3. Widjaja

    Widjaja

    Joined:
    Jun 12, 2007
    Messages:
    4,819 (1.81/day)
    Thanks Received:
    636
    Location:
    Wangas, New Zealand
    It's called lack of understanding in terms of salted and hash.

    But mainly the first time I have heard of the word salted being used is relation to this situation.
     
  4. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.97/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    When you run a string (password) through a hash algoithm it generates a fixed length string based on the bit length of the encryption that represents the string.
    You can't really decrypt a hash, but you can run many, many strings through the algorithm to see if the the hash you get matches the one in questions. This is easily done with dictionaries (as most people use common words for passwords so they can remember them) and with today's hardware can be done very quickly.
    However, if the password is something very uncommon or convoluted, they will have to run a brute force attack on the hash. This means they will have to try every combination possible of the string.
    This is incredibly hard if a) you have no idea what the length of the string is to begin with, and b) what characters are included in the string.

    Here is and example
    This is a MD5 hash of a strong password with no salt ... 4fa40cf7dd4c6ce484ef12a59ec28288
    Good luck getting that password other than through brute force.
    If I salted it it would be infinitely harder, but the point is that if you use a strong password from the start the likelyhood of your hash being compromised in still pretty slim.
     
  5. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    21,032 (7.86/day)
    Thanks Received:
    7,588
    All this talk of salted hash is making me hungry.
     
    theJesus, remixedcat and Aquinus say thanks.
  6. pantherx12

    pantherx12 New Member

    Joined:
    Jan 2, 2009
    Messages:
    9,714 (4.63/day)
    Thanks Received:
    1,699
    Location:
    ENGLAND-LAND-LAND


    I've started !

    I'll let you know when I'm done :laugh:

    *edit* Well once I've learnt how to use the program I downloaded, it ripped through one of the examples it had though, took 0.2 ms to crack XD

    *edit 2* Got it going, lets see how it goes!

    *edit 3* Brute Force mode doesn't seem to be working ( does nothing!) So trying straight mode... this will take a while.

    *edit 4* Nothing seems to be working at all XD 0% GPU utilisation ha ha
     
    Last edited: Jul 18, 2012

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page