• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

NVIDIA Forums Hack: Passwords Not Salted

Joined
Jun 12, 2007
Messages
4,815 (1.24/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#51
Unsalted hash passwords.....
 
Joined
Jun 12, 2007
Messages
4,815 (1.24/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#53
It's called lack of understanding in terms of salted and hash.

But mainly the first time I have heard of the word salted being used is relation to this situation.
 

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (3.46/day)
Likes
5,524
Location
Cheeseland (Wisconsin, USA)
#54
When you run a string (password) through a hash algoithm it generates a fixed length string based on the bit length of the encryption that represents the string.
You can't really decrypt a hash, but you can run many, many strings through the algorithm to see if the the hash you get matches the one in questions. This is easily done with dictionaries (as most people use common words for passwords so they can remember them) and with today's hardware can be done very quickly.
However, if the password is something very uncommon or convoluted, they will have to run a brute force attack on the hash. This means they will have to try every combination possible of the string.
This is incredibly hard if a) you have no idea what the length of the string is to begin with, and b) what characters are included in the string.

Here is and example
This is a MD5 hash of a strong password with no salt ... 4fa40cf7dd4c6ce484ef12a59ec28288
Good luck getting that password other than through brute force.
If I salted it it would be infinitely harder, but the point is that if you use a strong password from the start the likelyhood of your hash being compromised in still pretty slim.
 
Joined
Jun 3, 2007
Messages
22,425 (5.78/day)
Likes
8,941
Location
'Merica. The Great SOUTH!
System Name TheMailbox 5.0 / The Mailbox 4.5
Processor RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling MasterLiquid PRO 280 / Scythe Katana 4
Memory ADATA RGB 16GB DDR4 2400 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage 256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s) Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) / Logitech G5
Keyboard Razer BlackWidow / Logitech (Unknown)
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
#55
All this talk of salted hash is making me hungry.
 
Joined
Jan 2, 2009
Messages
9,767 (2.96/day)
Likes
1,779
Location
Suffolk/Essex, England
System Name Joseph's Laptop Clevo P771ZM
Processor 4970k @4/4.4ghz
Motherboard *shrugs*
Cooling About 2 kilos of copper fins and pipes.
Memory 2x 8gb
Video Card(s) GTX 970m 6gb
Storage 500gb Msata SSD 2x 2TB storage drives
Display(s) Built in
Power Supply 300w power brick
Mouse Steam controller
Software Windows ten
#56
Here is and example
This is a MD5 hash of a strong password with no salt ... 4fa40cf7dd4c6ce484ef12a59ec28288
Good luck getting that password other than through brute force.


I've started !

I'll let you know when I'm done :laugh:

*edit* Well once I've learnt how to use the program I downloaded, it ripped through one of the examples it had though, took 0.2 ms to crack XD

*edit 2* Got it going, lets see how it goes!

*edit 3* Brute Force mode doesn't seem to be working ( does nothing!) So trying straight mode... this will take a while.

*edit 4* Nothing seems to be working at all XD 0% GPU utilisation ha ha
 
Last edited: