Quick Question On Salted Md5 Hashes

Articles Metasploit Framework Windows Tutorial Remote Desktop Connection Windows Processes That May Be Dangerous How-To use NetCat a Tutorial Common Linux Commands Common Ports Netcat Commands HTTP Response Codes War-Google Hack Terms Wardriving Avoiding Social Engineering and Phishing Attacks Intrusion Detection on Linux Linux Intrusion Detection Penetration Testing Guide Penetration Testing Tools Social Engineering Fundamentals, Part I: Hacker Tactics Social engineering (computer security) The Psychology of Social Engineering The Archives General GSO GovernmentSecurity.org News & Suggestions In The News Open Topic General Security Information Trash Can Exploit & Vulnerability Mailing List Archives Trial Member Forum Product and Program Reviews GSO Tutorials System Security Windows Systems Beginners Section Linux & Unix Systems File Downloads Exploit Research & Discussion Trojan & Virus Errata Networking Security / Firewall / IDS / VPN / Routers System Hardening E-Mail Security Wifi Security Trial Member Uploads Upload discovered Trojans & Mal ware GSO Programming Section C , C++ , VC++ Visual Basic .NET Perl /CGI Java/Javascript PHP/XML/ASP/HTML Assembly + Other The Cork Board Network Security Consultant Directory Network Security Jobs The Archives Encryption Information General Network Security Internet Anonymity HTTP Protocol Security Linux Security MS IIS Information Exploit Articles Programming / Tool Design GSO Software Projects Public Downloads Microsoft Security Questions and Papers		Help - Search - Member List - Calendar Full Version: Quick Question On Salted Md5 Hashes GovernmentSecurity.org > General GSO > General Security Information crock Jul 23 2005, 04:59 AM Hello, As I read at http://www.governmentsecurity.org/forum/in...showtopic=15193 , it is said that it is not possible cracking salted md5 hashes using rainbowtables. The way I understand it, is that the salted hashes are md5 hashes of 2 hashes. So simplified, it would look a bit like this: salt MD5 hash = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa pass MD5 hash = bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb final, salted hash = md5(aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) So in order to crack the pass, you should first crack the salted hash, then take the last 32 characters of the 'plaintext' and crack this as another hash, right? So the reason it is 'impossible' to crack these hashes using rainbowtables is because the plaintext is to long (64 characters)? Am I right, or am I missing something? Yorn Jul 23 2005, 06:44 AM The issue boils down to the difficulty of determining what the salt really is. For example, the following psuedocode: sha1(md5(md5($password)+$registrationdate)+$salt); Now if you have an md5 of "a8b148f3ed392a" or whatever, you can eventually, after several months, determine what part 1 and part 2 are combined. part 2 can be distinguished as the salt in this case, but part 1 is yet another hash. Without knowing what it is, after another few months can pass and you'll eventually get another part 1 and part 2, part 1 can be run through a rainbow table at this point. But keep in mind it took you months or even years to figure out this one password. If you md5 the registration date/time, it might increase the amount of work for someone to reverse engineer the password out of the situation. The strength of policies like this is you never know which protection method the administrator is using without access to their source code. This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here. Invision Power Board © 2001-2005 Invision Power Services, Inc.