Discussion in 'News' started by btarunr, Jul 16, 2012.
Unsalted hash passwords.....
Not sure what you're implying here, Widj. Care to elaborate?
It's called lack of understanding in terms of salted and hash.
But mainly the first time I have heard of the word salted being used in relation to this situation.
When you run a string (password) through a hash algorithm it generates a fixed length string based on the bit length of the encryption that represents the string.
You can't really decrypt a hash, but you can run many, many strings through the algorithm to see if the hash you get matches the one in question. This is easily done with dictionaries (as most people use common words for passwords so they can remember them) and with today's hardware can be done very quickly.
However, if the password is something very uncommon or convoluted, they will have to run a brute force attack on the hash. This means they will have to try every combination possible of the string.
This is incredibly hard if a) you have no idea what the length of the string is to begin with, and b) what characters are included in the string.
Here is an example
This is a MD5 hash of a strong password with no salt ... 4fa40cf7dd4c6ce484ef12a59ec28288
Good luck getting that password other than through brute force.
If I salted it it would be infinitely harder, but the point is that if you use a strong password from the start the likelihood of your hash being compromised is still pretty slim.
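An added example (not part of any post in this thread) showing what the salt discussed above changes for the party storing the passwords: with bare MD5, identical passwords give identical hashes and one table of hashed common words covers every account, while a per-user salt makes each record unique. The user names, word list, iteration count and the choice of PBKDF2 are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample data: hypothetical users, two of whom share a common password.
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "T9#vq!Lr2&xWm0zE"}
WORDLIST = ["password", "letmein", "sunshine", "dragon"]  # constructed mini dictionary
ITERATIONS = 100_000  # illustrative work factor, an assumption of this example


def unsalted_md5(password):
    """Bare MD5 of the password, the unsalted scheme the thread talks about."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Fresh 16-byte random salt per user, then PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, digest)


def exposed_by_table(stored):
    """Audit an unsalted store: one table of hashed common words covers every user."""
    table = {unsalted_md5(word) for word in WORDLIST}
    return {user for user, digest in stored.items() if digest in table}


if __name__ == "__main__":
    unsalted = {u: unsalted_md5(p) for u, p in USERS.items()}
    print("identical unsalted hashes:", unsalted["alice"] == unsalted["bob"])
    print("found in common-word table:", sorted(exposed_by_table(unsalted)))
    salted = {u: salted_record(p) for u, p in USERS.items()}
    print("identical salted digests:", salted["alice"][1] == salted["bob"][1])
    print("login still verifies:", verify("sunshine", *salted["alice"]))
```
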
All this talk of salted hash is making me hungry.
I've started !
I'll let you know when I'm done
*edit* Well once I've learnt how to use the program I downloaded, it ripped through one of the examples it had though, took 0.2 ms to crack XD
*edit 2* Got it going, let's see how it goes!
*edit 3* Brute Force mode doesn't seem to be working (does nothing!) So trying straight mode... this will take a while.
*edit 4* Nothing seems to be working at all XD 0% GPU utilisation ha ha