2012-11-10
HW 3 question regaurding "check" and "crack" options.
Originally Posted By: kywong
when we are checking to see if the username exists and it has the corresponding pw or trying to crack the password, if it is salted should it be an automatic fail/not crackable? or should we do a few random salts and try and pass/crack it before failing it?
'''Originally Posted By: kywong'''
when we are checking to see if the username exists and it has the corresponding pw or trying to crack the password, if it is salted should it be an automatic fail/not crackable? or should we do a few random salts and try and pass/crack it before failing it?
2012-11-12
Originally Posted By: kywong
Or rather, when checking should it append the salt to the password we are checking for and then see if it passes and same for the dictionary hash?
'''Originally Posted By: kywong'''
Or rather, when checking should it append the salt to the password we are checking for and then see if it passes and same for the dictionary hash?
The dictionary file contains a list of plaintext password not hashes. So if you know the salt, you can apply the hash and see if it matches whats in the password file. The goal is to find any password in the password file.
The dictionary file contains a list of plaintext password not hashes. So if you know the salt, you can apply the hash and see if it matches whats in the password file. The goal is to find any password in the password file.
(c) 2024 Yioop - PHP Search Engine