On Thu, 04 Oct 2007 22:22:14 EDT, Brian Toovey said:
> Does anyone know what kind of password hash this is?
> 'password1' =
> &c6;Ub&c3;&ab;&19;a&cf;&86;

Hex format would be less likely to be mis-parsed. I'm *guessing* you mean the hash is x'c65562c3 ab1961cf 86' - which is slightly odd, being 72 bits long. A salted 64-bit hash, perhaps? Or it might be some home-grown hash that somebody invented.

If you know what 'password1' hashes to, it's time to do some differential cryptography and try hashing 'password2', 'password11', 'passwor111', and so on, to determine how many input characters the hash considers.

The next thing to try is hashing 'qassword1' (which has one bit different from 'password1') and seeing how many of the output bits change, which will tell you the relative strength of the hash. A good hash will have about half the bits change on a one-bit difference (and continuing through q, r, s, t and so on won't reveal any pattern of *which* bits change), while a bad hash will fail to cause a bit cascade and only a few bits will be different in the output.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
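The two probes described in the message above (how many input characters the hash considers, and how many output bits change on a one-bit input difference), as an added example that is not part of the original post. `good_hash` (SHA-256 truncated to 72 bits) and `weak_hash` are constructed stand-ins chosen for illustration; neither is the hash from the question.

```python
import hashlib

def good_hash(pw: bytes) -> bytes:
    # Assumed stand-in for a well-mixed hash: SHA-256 cut to 72 bits (9 bytes).
    return hashlib.sha256(pw).digest()[:9]

def weak_hash(pw: bytes) -> bytes:
    # Constructed "home-grown" hash: reads only the first 8 bytes and
    # XORs each one into its own output byte plus a shared check byte.
    out = bytearray(9)
    for i, b in enumerate(pw[:8]):
        out[i] ^= b
        out[8] ^= b
    return bytes(out)

def bits_changed(a: bytes, b: bytes) -> int:
    # Hamming distance between two equal-length digests.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def considered_length(hash_fn, probe_len: int = 32) -> int:
    # Mutate one position at a time; the highest position that changes
    # the digest tells how many leading input bytes the hash reads.
    base = b"a" * probe_len
    ref = hash_fn(base)
    n = 0
    for i in range(probe_len):
        mutated = base[:i] + b"b" + base[i + 1:]
        if hash_fn(mutated) != ref:
            n = i + 1
    return n  # equal to probe_len means "at least probe_len"

def avalanche(hash_fn, pw: bytes) -> float:
    # Flip every single input bit in turn; return the mean number of
    # output bits that change. About half the digest width is healthy.
    ref = hash_fn(pw)
    total = 0
    for bit in range(len(pw) * 8):
        m = bytearray(pw)
        m[bit // 8] ^= 1 << (bit % 8)
        total += bits_changed(ref, hash_fn(bytes(m)))
    return total / (len(pw) * 8)

if __name__ == "__main__":
    for name, fn in (("good", good_hash), ("weak", weak_hash)):
        d = bits_changed(fn(b"password1"), fn(b"qassword1"))
        print(f"{name}: p->q flips {d}/72 bits, "
              f"mean avalanche {avalanche(fn, b'password1'):.1f}, "
              f"reads {considered_length(fn)} bytes")
```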