 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 69
 Members: 0
 Total: 69
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
what kind of hash? |
|
 Posted: Thu Nov 06, 2008 2:12 am |
 |
|
| 10_Sec_Hero |
| Advanced user |
 |
|
| Joined: Oct 22, 2008 |
| Posts: 52 |
|
|
|
 |
|
 |
|
f3iAKbG3Acye2
por3xYtbuLb2g
Ca8rr8dUbDpDY
i3ROEKeTFEPGw
i3a8fVTNJ7JP.
i3visj.3CRxh2
i think base64 but im not sure
any ideas?
thx in advance  |
|
|
|
|
| Posted: Thu Nov 06, 2008 12:56 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
It's old-style DES hash.
Plaintext of por3xYtbuLb2g is poopoo
Plaintext of i3ROEKeTFEPGw is poopoo
Plaintext of i3visj.3CRxh2 is hedgehogcactus |
|
|
|
|
| Posted: Thu Nov 06, 2008 3:57 pm |
|
|
| 10_Sec_Hero |
| Advanced user |
|
|
| Joined: Oct 22, 2008 |
| Posts: 52 |
|
|
|
|
|
|
|
| thank you, mind if i ask how you know what type of hash it is? |
|
|
|
|
|
|
|
|
| Posted: Thu Nov 06, 2008 9:24 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| 10_Sec_Hero wrote: | | thank you, mind if i ask how you know what type of hash it is? |
Like i said before, it's Unix DES hash:
http://en.wikipedia.org/wiki/Crypt_(Unix)#Traditional_DES-based_scheme
| Code: |
Traditional DES-based scheme
The traditional implementation uses a modified form of the DES algorithm. The user's password is truncated to eight characters, and those are coerced down to only 7-bits each; this forms the 56-bit DES key. That key is then used to encrypt an all-bits-zero block, and then the ciphertext is encrypted again with the same key, and so on for a total of 25 DES encryptions. A 12-bit salt is used to perturb the encryption algorithm, so standard DES implementations can't be used to implement crypt(). The salt and the final ciphertext are encoded into a printable string in a form of base64.
This is technically not encryption since the data (all bits zero) is not being kept secret; it's widely known to all in advance. However, one of the properties of DES is that it's very resistant to key recovery even in the face of known plaintext situations. It is theoretically possible that two different passwords could result in exactly the same hash. Thus the password is never "decrypted": it is merely used to compute a result, and the matching results are presumed to be proof that the passwords were "the same."
|
Hash is 13 chars long, first 2 chars are salt, other 11 chars is hash, encoded in base64. |
|
|
|
|
|
www.waraxe.us Forum Index -> Hash related information
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
