

Any idea on how to crack these hashes?





likeabreeze
Code:

023e9575e2605ea0827f1734dbaf4ed6387662784242594a43485576
cefa7917bdfbb76151446f0bb95ad8ef736665642e6b6a6c484e4c51
7ba7f14ebbbcb4528c367003e5733bf4687a75376138713636364233
a93e625bcf999972d5bf465d9b1e9ff54d6f52626635676f4b357459
1ad4f0946112485d7df3756401084134556d4935777a315368587a6b
92d61a704c2c64eff3ea1e890030a1ae456b66714c5752396e4b364d


Well, these hashes are so-called Salted MD5, but what's the solution?
Hogwarts
It sounds like what you're trying to do is unethical and potentially illegal
TomS
A salt is a key-encryption, basically. That can be anything from XOR with a one-time pad to Caesar's encryption (shift by a constant value, e.g. a=b, b=c, ... z=a).

Like salt in food, using "salt" on a hash is not essential but makes it much better. The good thing is that you can't really overdo it.

So what "salt" does is prevent reverse-engineering the passwords (brute force, rainbow tables). So in addition to the hash you also need the salt, which is usually stored in the software itself.
You need the salt and the method of salting (as I said above, could be anything). Then you can "unsalt" that hash. But this only gives you the regular hash, not a password.
Peterssidan
An MD5 hash is a 32-digit hexadecimal number. The hashes you have posted have 56 digits, so 24 digits are probably the salt, but we don't know which digits belong to the salt and which belong to the MD5 hash.

If you manage to separate the salt and the hash a naive brute force approach to find the password could be something like this:
Code:
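for all possible passwords p
   sp := computeSaltedPassword(p, salt)   // how salt and password are combined is unknown
   sh := md5(sp)
   if (sh == hash)                        // compare with the stored hash, not with the salt
      add p to list of possible passwords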

One problem with this is that we don't know how the salted password is computed from the password and the salt. Often the salt is simply appended to the password but it could be much more complicated than that.

Also note that many passwords can give the same hash so when we find a match we can't be sure it is the correct password. Maybe you don't care about the correct password? If the hash matched it will (most likely) work to log in to the software that you got the salt and hash from.

Using this naive brute force approach is of course too slow. There is an infinite number of possible passwords, so in reality you will have to come up with something smarter, more optimized, and test more likely passwords first.
codersfriend
I don't think MD5s are reversible. But you can always generate a hash like this by encrypting a text then comparing it. But the text you posted looks way too long.
jmraker
Normally, if you have the MD5 you can try running it through a rainbow table to look up what known word(s) generate the MD5 you're looking for. It would only work for the words it has the MD5 hash for, which would be common passwords.

The salt part won't work with rainbow tables.
http://en.wikipedia.org/wiki/Salt_(cryptography)

Some info that Google found:
https://crackstation.net/hashing-security.htm
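
An added example, not part of the thread or written by any of its posters: it shows why a per-user salt makes a precomputed lookup table miss, next to a salted slow-KDF record for storing passwords. The word list, the choice to append the salt to the password, the iteration count and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed table of unsalted MD5 digests
# for a few common passwords, standing in for a rainbow/lookup table.
COMMON = ["123456", "password", "letmein", "qwerty"]
LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}


def md5_salted(password: str, salt: bytes = b"") -> str:
    # Assumption: the salt is appended to the password before hashing.
    # An empty salt gives the plain, unsalted MD5.
    return hashlib.md5(password.encode() + salt).hexdigest()


def table_lookup(digest: str):
    """Return the password if the digest is in the precomputed table, else None."""
    return LOOKUP.get(digest)


def store_password(password: str, iterations: int = 600_000) -> dict:
    """Storage record: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify_password(password: str, record: dict) -> bool:
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, record["hash"])


def demo() -> dict:
    salt_a, salt_b = os.urandom(12), os.urandom(12)
    return {
        # Unsalted digest of a common password is found in the table.
        "unsalted_hit": table_lookup(md5_salted("password")),
        # Same password with a random salt is not in the table.
        "salted_hit": table_lookup(md5_salted("password", salt_a)),
        # Two users with the same password get different digests.
        "same_digest": md5_salted("password", salt_a) == md5_salted("password", salt_b),
    }


if __name__ == "__main__":
    print(demo())
```

A salt only blocks precomputation; a fast hash such as MD5 can still be guessed against quickly once the salt is known, which is why the record above uses a slow KDF.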
DesquisiadoMoral
If MD5 was created in the United States you can get any backdoor.

Otherwise, that's almost impossible to decrypt.
Josso
For reference, unsalted, tmto.org had the most extensive database last time I checked - there may be something better these days tho
© 2005-2011 Frihost, forums powered by phpBB.