Each program tends to use its own little tricks and algorithms, so the hashes tend to be different.

Note that if the hashing technique is the same, obtaining the hash may be as good as obtaining the password. Some applications go out of their way to avoid this problem by adding, for example, the application name or the name of the authenticating server. This is merely a more advanced technique of salting (also called nonce depending on the context).

In the real world, people tend to use the same password for multiple accounts. Although the database is specific to one application, cracking that application yields access to the other accounts.

wow...thanks for the reply's all. Thats exactly what I was needing.....thanks a bunch every1.

You think that is bad, lets really start confusing people and explaining the RSA algs for encryption... ;)

LosT

Bah! RSA is the easy one (especially for mathmagicians). I could explain it to someone in less than an hour.

Proving it, though...

Hehhee, true, but if they are having problems with something like simple one way hashes, then RSA would be totally confusing...I cross what? Where? Huh? ;)

LosT

Personally I have never had a problem with "simple one way hashes" because had it not been for this discussion I probably would have never given them a second thought. As far as being confusing, many things about computers are confusing to me, usually however, after logical discussion they seem to be more clear. I understand more about hashes now than if I had never read this thread. I am quite sure that given time and solid information I would understand RSA as well as anyone. Life is a learning experience, show me a man who claims to know everthing there is to know and I'll show you a damned liar.

Same thing goes for me, specially when its analogy time :)
It is true that reading maketh a full man.
...reminds me of the men of four.

"He who knows not and knows not that he knows not is a fool; shun him.
He who knows not and knows that he knows not is a child; teach him.
He who knows but knows not that he knows is asleep; wake him.
He who knows and knows that he knows is wise; follow him."

BK

3 Curious humans waiting to asked questions of the Great Oracle of Delphi, and each can learn from the those who preceed them.

Oracle: I AM THE GREAT ORACLE OF DELPHI! I KNOW EVERYTHING YOU NEED TO KNOW! ASK ME A QUESTION!
Curious Human 1: Could ask any question on any topic?
Oracle: YES.
Curious Human 1: Oh! What are the lottery numbers tomorrow?
Oracle: YOU ASKED YOUR QUESTION. NEXT!

Oracle: I AM THE GREAT ORACLE OF DELPHI! I KNOW EVERYTHING YOU NEED TO KNOW! ASK ME A QUESTION!
Curious Human 2: What will the score of the game tomorrow be, before it starts?
Oracle: ZERO TO ZERO! NEXT!

Oracle: I AM THE GREAT ORACLE OF DELPHI! I KNOW EVERYTHING YOU NEED TO KNOW! ASK ME A QUESTION!
Curious Human 3: How can I know as much as you, Great Oracle?
Oracle: YOU DON'T NEED TO KNOW THAT!

I've grown to like:
"(s)he who knows not, and knows not how to research is ingnorant and deserves to be ignored."

It's like telling people to 'google it' and having them reply with, "google did not help," or, "google did not return anything." When you verify that google does help, you know they are unwilling or unable to research.

Take a look at rainbowcrack, it uses rainbow tables to bruteforce hashes.
http://www.antsight.com/zsl/rainbowcrack/

Exactly my point earlier...the concepts behind hashes should be easy to get from Google...pretty standard info. I usually don't like the 'give me the answer' people, but prefer the 'help me get the answer, I'm working on it but I'm stuck' people. I always strive to be that kind of a person when seeking help.

LosT

thanks for all your support every1. I did alot of reasearch on my own, but when you hit that wall you need some help. And yall have done just that, thanks again every1. love the forum : ]