2012-11-01

Why did the hash values change in the HW?

Hi Everyone,

Kyle pointed out that the program that I was using to output the test example password files had a bug:
It was written in PHP and called the function md5 which by default outputs md5's as a hex string not
the raw binary. What was there before was base64 encodings of the resulting hashes. What I wanted
was base64 encodings of actual 16 byte md5 hashes, so I changed it to make it correct.

Best,
Chris

-- Why did the hash values change in the HW?
Originally Posted By: Erni
Hi Dr. Pollett

I notice that in order to get these passwords without salt:

nosaltman:$0$F17Hen9jCCWQmH0NiwUa/w==::15832:0:99999:7:::
dummy:$0$KKdELdo62TCWQmH0NiwUa/w==::17832:0:99999:7:::

You need to add "0" at the end. I thought when there is no salt, you don't add anything to the end. Are those unsalted passwords correct? Because when I hash and base64 encode the password "secret", I get this:
barabara:$0$Xr4ilOzQ4PCOq3aQ0qbuaQ==::::::::

If I add 0 to the end (making the password "secret0"), I get this:
barbara:$0$F17Hen9jCCWQmH0NiwUa/w==::::::::

I notice that there is a pattern to the unsalted passwords because you add "0" at the end. Notice that both nosaltman's and dummy's passwords have WQmH0NiwUa/w== at the end.

-- Why did the hash values change in the HW?
0 is a salt, so you still need to add it. dummy's string is a made up string, I just cut and pasted nosaltman's string a few times.

-- Why did the hash values change in the HW?
Originally Posted By: Erni
nosaltman:$0(There is no salt)$F17Hen9jCCWQmH0NiwUa/w==::15832:0:99999:7:::

I thought that $0 after the nosaltman username means that there is no salt and therefore, nothing should be added to secret. Unless nosaltman says this:
nosaltman:$1$0$F17Hen9jCCWQmH0NiwUa/w==::15832:0:99999:7:::

Then that means that nosaltman has a salt that is 0. Right now, the password is hashed and encoded the second way with $1(yes, there is a salt)$0(The salt is 0)

-- Why did the hash values change in the HW?
Hey Erni,

You were correct originally -- I was thinking we were talking about $1$0$hash not $0$hash. I updated the HW page.

Best,
Chris
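
An added example, not part of the thread or the course's own code: it reproduces the hex-versus-raw MD5 bug described in the first post and checks a password against the `$0$hash` and `$1$salt$hash` field layouts settled on above. The function names are hypothetical, the salt is assumed to be appended to the password (as in the "secret0" case), and the first sample line is copied from Erni's post while the salted one is constructed.

```python
import base64
import hashlib
import hmac


def md5_b64(data: bytes, raw: bool = True) -> str:
    """Base64 of an MD5 digest. raw=False encodes the 32-char hex string
    instead of the 16 raw bytes, which is the bug from the first post."""
    h = hashlib.md5(data)
    digest = h.digest() if raw else h.hexdigest().encode("ascii")
    return base64.b64encode(digest).decode("ascii")


def parse_field(field: str):
    """Split '$0$hash' or '$1$salt$hash' into (salt, hash); salt is '' for $0."""
    parts = field.split("$")
    if len(parts) == 3 and parts[0] == "" and parts[1] == "0":
        return "", parts[2]
    if len(parts) == 4 and parts[0] == "" and parts[1] == "1":
        return parts[2], parts[3]
    raise ValueError("unrecognised password field: %r" % field)


def check_password(line, login_col, pw_col, user, password):
    """True if `password` matches the entry for `user`, with the login and
    password fields read from the given colon-separated columns."""
    cols = line.rstrip("\n").split(":")
    if max(login_col, pw_col) >= len(cols) or cols[login_col] != user:
        return False
    salt, stored = parse_field(cols[pw_col])
    candidate = md5_b64((password + salt).encode("utf-8"))
    # Constant-time comparison of the two base64 strings.
    return hmac.compare_digest(candidate.encode(), stored.encode())


# Line as posted in the thread (unsalted, password "secret").
THREAD_LINE = "barabara:$0$Xr4ilOzQ4PCOq3aQ0qbuaQ==::::::::"
# Constructed line: login in column 2, salted field ($1, salt "0") in column 3.
SALTED_LINE = "x:y:alice:$1$0$" + md5_b64(b"secret0") + ":::::"

if __name__ == "__main__":
    print("raw bytes :", md5_b64(b"secret"))             # 24 characters
    print("hex string:", md5_b64(b"secret", raw=False))  # 44 characters
    print(check_password(THREAD_LINE, 0, 1, "barabara", "secret"))
    print(check_password(SALTED_LINE, 2, 3, "alice", "secret"))
```
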
2012-11-02

-- Why did the hash values change in the HW?
Originally Posted By: susandi
Hi professor,
In the hw3 description,
java PasswordTool change_no_salt 10 0 1 superman secret my_passwordfile.txt

In this case, do you assume that the username and password are not always saved in col 0 (login) and col 1 (password)?
So if the user types java PasswordTool change_no_salt 10 2 3 superman secret passwordfile.txt, she saves the username in column 2 and the password in column 3. Is there any possibility that the user could save two different passwords in two different columns, since we already have a password in column 1?

Thank you.
Su

-- Why did the hash values change in the HW?
You should assume that the passwords and logins are not always in the same column and therefore you need to make use of those command line options.

Best,
Chris