Announcement

Collapse
No announcement yet.

Decrypting if you have the salt?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Decrypting if you have the salt?

    I have access to some encrypted passwords that I need to decrypt. They aren't MD5 hashes... They look something like this: mbFTyGrJkVW9Q

    Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
    Tags: None
  • #2
    Originally posted by fedcon
    They aren't MD5 hashes...
    Excellent because this isn't an answer.

    Originally posted by fedcon
    They look something like this: mbFTyGrJkVW9Q
    Ah, just like mother used to make!

    Originally posted by fedcon
    Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
    Most definitely.

    (Note: hashing, in the form that most people use the term, isn't "encryption".)

    Comment

    • #3
      Yeah, I wasn't sure if it was a hash or an encryption. What sort of hashing algorithm is used? Can you tell just by looking at it?

      Comment

      • #4
        I can tell just by looking.
        I will tell you just by looking at you.
        Twigman

        Comment

        • #5
          Originally posted by fedcon
          Now I have access to the salt...
          If you have access to a *NIX system with man pages, go read up on crypt for how a salt works. As an alternative, I bet a search for "salt" using the forum search will help with an explanation of what a conventional crypt salt really does to a key-space search search.

          What cipher is used? Why not examine the system on which it was found?
          Though length of ciphertext and character set can be indications of what ciphers may or may not have been used, a better source is the system itself.

          Comment

          • #6
            Originally posted by fedcon
            I have access to some encrypted passwords that I need to decrypt. They aren't MD5 hashes... They look something like this: mbFTyGrJkVW9Q

            Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
            13 chracters DES+salt encrypted passwords. The salt in this case is "mb". You sure can recover the password, it's called a dictionnary attack or a brute force attack.

            Basically, the salt is there to corrupt some of the encryption rounds. The corruption then gets propagated in subsequent rounds. It is non-recoverable. Get crack or john the ripper and a big dictionnary file.

            Comment

            • #7
              Knowing the salt is piece o' cake. For crypt- or DES-style passwords, the first two chars. are the salt.

              For MD5, it is

              $1$sdfslfes$

              The chars between the $1$ and the last $

              The process is not reversible, but brute/dictionary attacks are possible.
              "Programming in Visual Basic is like making a building out of LEGOs. Use C, the king of programming languages!"

              0x029A
              The number of the Beast!

              Comment

              • #8
                Originally posted by fedcon
                I have access to some encrypted passwords that I need to decrypt. They aren't MD5 hashes... They look something like this: mbFTyGrJkVW9Q

                Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
                Try to use "John the Ripper" coded by Solar Designer, hero of my world
                John is best cracker I have ever seen/used (for many times and years)
                http://www.openwall.com/john/

                Comment

                Previous template Next
                Working...
                X