Announcement

Collapse
No announcement yet.

Decrypting if you have the salt?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • drobik
    replied
    Originally posted by fedcon
    I have access to some encrypted passwords that I need to decrypt. They aren't MD5 hashes... They look something like this: mbFTyGrJkVW9Q

    Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
    Try to use "John the Ripper" coded by Solar Designer, hero of my world
    John is best cracker I have ever seen/used (for many times and years)
    http://www.openwall.com/john/

    Leave a comment:

  • danix
    replied
    Knowing the salt is piece o' cake. For crypt- or DES-style passwords, the first two chars. are the salt.

    For MD5, it is

    $1$sdfslfes$

    The chars between the $1$ and the last $

    The process is not reversible, but brute/dictionary attacks are possible.

    Leave a comment:

  • AlexCV
    replied
    Originally posted by fedcon
    I have access to some encrypted passwords that I need to decrypt. They aren't MD5 hashes... They look something like this: mbFTyGrJkVW9Q

    Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
    13 chracters DES+salt encrypted passwords. The salt in this case is "mb". You sure can recover the password, it's called a dictionnary attack or a brute force attack.

    Basically, the salt is there to corrupt some of the encryption rounds. The corruption then gets propagated in subsequent rounds. It is non-recoverable. Get crack or john the ripper and a big dictionnary file.

    Leave a comment:

  • TheCotMan
    replied
    Originally posted by fedcon
    Now I have access to the salt...
    If you have access to a *NIX system with man pages, go read up on crypt for how a salt works. As an alternative, I bet a search for "salt" using the forum search will help with an explanation of what a conventional crypt salt really does to a key-space search search.

    What cipher is used? Why not examine the system on which it was found?
    Though length of ciphertext and character set can be indications of what ciphers may or may not have been used, a better source is the system itself.

    Leave a comment:

  • Twigman
    replied
    I can tell just by looking.
    I will tell you just by looking at you.

    Leave a comment:

  • fedcon
    replied
    Yeah, I wasn't sure if it was a hash or an encryption. What sort of hashing algorithm is used? Can you tell just by looking at it?

    Leave a comment:

  • Voltage Spike
    replied
    Originally posted by fedcon
    They aren't MD5 hashes...
    Excellent because this isn't an answer.

    Originally posted by fedcon
    They look something like this: mbFTyGrJkVW9Q
    Ah, just like mother used to make!

    Originally posted by fedcon
    Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
    Most definitely.

    (Note: hashing, in the form that most people use the term, isn't "encryption".)

    Leave a comment:

  • fedcon
    started a topic Decrypting if you have the salt?

    Decrypting if you have the salt?

    I have access to some encrypted passwords that I need to decrypt. They aren't MD5 hashes... They look something like this: mbFTyGrJkVW9Q

    Now I have access to the salt that was used to encrypt the password. Does that make it easier to decrypt them?
    Tags: None
Previous template Next
Working...
X