Articles
Metasploit Framework Windows Tutorial The Archives General GSO | Full Version: Md5 And Salts
I can't understand hashes and salts. I made a password of 'a' on my Invision Forum and then I looked up the hash and the salt for it in my database. I typed in the salt and then 'a' beside it through Cain and Abel and got it to convert it to an MD5. I thought this hash would turn out the same as the one recorded in the forum. This is because I thought the salt gets appended to the password and then it is hashed. By appending a known salt to a known password I thought the hash would turn out the same. When I did this though the hash turned out different from the one recorded in the Invision Forum. Please explain.
i posted this a while ago elsewhere and it seems to relate to your question
the following ipb function generates a random 5 character salt when that user registers their account for the first time. Note that random time is used. CODE function generate_password_salt($len=5) { $salt = ''; srand( (double)microtime() * 1000000 ); for ( $i = 0; $i < $len; $i++ ) { $num = rand(33, 126); if ( $num == '92' ) $num = 93; $salt .= chr( $num ); } return $salt; } now lets say that our randomly generated salt is '12345' (ok im being boring) And that our password we use to login is 'qwerty' take a look at the ibf_members_converge table it contains two important values converge_pass_salt: contains the value '12345' converge_pass_hash: contains md5( md5('12345').md5('qwerty') ) so this is what happens during authentication CODE if ( $this->member['converge_pass_hash'] == $this->generate_compiled_passhash( $this->member['converge_pass_salt'], $md5_once_password ) ) return TRUE; //all good :) $this->member[] is just a private array of the class_converge which contains some of these values i mentioned Take a look at class_converge.php it is where most of the action is at To bruteforce the hashes you need the ibf_members_converge table. 1 pass of a generalised brute forcer may look like this: if ( md5(salthash.md5(currvalue)) == myhash) salthash is the md5 hash of our salt, currvalue is the current bruteforce string (eg a,ab,abc,etc), myhash is the hash you want to crack Basically double the effort is required to break this and rainbowtables cant be used As far is i can tell member_login_key which is in the ibf_members table is only to do with autologin? but i may be wrong Please correct me if im wrong in any of this but you get the gist of it. This is a smart move by forum developers to use a salt in order to protect their precious users so put your thinking hats on 
Thanx nuorder That makes my salt problem a bit more clear!
Great Explanation --- Archived
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc. |
||
