Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Password Salt

  1. Home
  2. Forum
  3. Cryptography
  4. Password Salt

Nubzzz's Avatar

Nubzzz

Member
0 0

I know all about salts and that they are very secure but what i want to know is is there any way to crack them to obtain the origional password? and if there is could you lead me to a program to do so?


ghost's Avatar

ghost

0 0

John the Ripper handles salted hashes and encryptions.


n3w7yp3's Avatar

n3w7yp3

Member
0 0

With DES the salt is the first 2 characters.

With salted MD5 (the type that begins with $1), the salt is the first 11 characters.

John will automotically take care of this for you, but if you want to extract the salt by hand, its fairly easy. In Perl, you'd just do something like:

my $salt = substr($hash,0,2); *For DES
my $salt = substr($hash,0,11); *For MD5

IPB style salted MD5 hex hashes are a bit harder. You actually have to have the salt database to crack them (okay, I lied. You can dictionary attack/bruteforce the salt, or if you want to be fancy you can use colosions to break it). There is a patch for john that enables it to crack IBP hashes, if you're interested…

[edit]Okay, I'm fucking pissed. The damn forum changed a pound sign (shift+3), which is a comment in Perl as well as many other languages, into a freakin' *. I'm gonna post a complaint thread…[/edit]