Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Cracking Salted MD5's
Posted by: Exofusion
Date: February 08, 2008 12:10AM

It seems as though there is an abundance of MD5 cracking tools, but little support for salting. It seems as though a dictionary attack would not affect cracking a salted MD5 if you knew the algorithm of how it was salted, the salt, and the hash. I've got a hash that used md5($salt . $password . $salt) and was wondering if any tools were in existence that would help.

Any help is appreciated.

Re: Cracking Salted MD5's
Date: February 09, 2008 12:14AM

Rainbow Tables would be quite useless in this situation as even if you were to find a hash in the table it would obviously be misleading due to the salt. I don't believe Cain would provide you with the ability to add the salt before and after a string so I would say you'd probably have to write your own program to do so in which a dictionary attack would be the best option. Sorry if my reply isn't sufficient, but I'm really beat from work.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Cracking Salted MD5's
Posted by: majak
Date: February 09, 2008 02:49AM

I don't think it will be misleading, because he will get $salt.$password.$salt. And if he knows $salt, he will get $password. (Assuming that he won't find some collided nonsense.) But if it is salted, there is almost zero chance to find that hash.

Re: Cracking Salted MD5's
Posted by: tx
Date: February 09, 2008 04:01AM

@majak: It really depends on if the salt and salting algorithm are known, and then upon the strength of both factors. A weak salt (for example, a two digit number) and a weak salting algorithm ($pwd_hash = md5($pwd.$delimiter.$salt)), if known, add only a trivial layer of security over using no salt at all. Generating a rainbow table that includes /[\w]/i as well as a few common delimiters is relatively easy (esp. if you constrain it to between a 6 and 14 char limit, which many [even salted] passwords fall into). And then all one would have to do is mentally apply the reverse of the salting algorithm to obtain the original password. Salting, like many often lauded (but infrequently examined in detail) practices, is a security technique whose strength varies greatly based on the strength of its dependent components.

As a note, the two digit salt based $pwd_hash = md5($pwd.$delimiter.$salt) algorithm is one I've actually seen used in some pretty popular pieces of ecommerce software.

-tx @ lowtech-labs.org

Re: Cracking Salted MD5's
Posted by: majak
Date: February 09, 2008 05:36AM

Yes, you are right. I was talking about this very specific case, where everything (except password:-)) is known and you manage to reverse hash.

And what's the point of the delimiter? (I can't think of any except it slightly helps salting)

Re: Cracking Salted MD5's
Posted by: tx
Date: February 09, 2008 05:40PM

yeah, the delimiter doesn't really help at all, I just used that as an example because I've actually seen it live. I suppose in the cases I've seen (small minimum password length with no strength requirements and a two character numeric salt) the delimiter at least ensures that there is one non alphanumeric character in there. Also it was probably the easiest solution the programmer (who obviously didn't really understand salting) could think of (since when there's a known delimiter you can just explode() it).... I guess it just goes to show: implementation is everything.

-tx @ lowtech-labs.org

Re: Cracking Salted MD5's
Posted by: Exofusion
Date: February 13, 2008 05:47PM

Well in my case, I do know both how it is hashed, ($salt . $password . $salt), and the salt. The salt is a randomly generated 20 character ANSI string, (Example: «-ôâÁH»MXonÑ"ÇÝm‡). Seems like I could create my own Rainbow-Tables with the custom salt, then use a standard brute forcer to use the custom salted Rainbow-Tables.

Is there any flaw in my logic here?

Re: Cracking Salted MD5's
Posted by: Malkav
Date: February 19, 2008 10:47AM

well. as kogir pointed out in http://sla.ckers.org/forum/read.php?15,19557,20143#msg-20636

the problem is that if the string is random per-user, you will first have to get every salt for every password, then generate your rainbow for each salt. If the db is even a few hundred users large, that becomes a lot of work. Unless you have access to an overly large cluster I would advise you to look at another way to get your information

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

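Added example, not part of any post in this thread: a defender-side audit of stored credentials for the weakness tx describes (short, reused salts under md5($pwd.$delimiter.$salt)), next to a per-user random salt with a slow KDF, which is the property behind Malkav's point that work must be repeated for every salt. The `:` delimiter, the sample rows, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

DELIM = ":"  # assumed delimiter; the thread does not say which one was used


def legacy_hash(password: str, salt: str) -> str:
    """The weak scheme quoted in the thread: md5($pwd.$delimiter.$salt)."""
    return hashlib.md5((password + DELIM + salt).encode()).hexdigest()


def audit_salts(rows):
    """Report salt reuse and users whose (salt, hash) pairs are identical."""
    salt_counts = Counter(salt for _, salt, _ in rows)
    by_pair = {}
    for user, salt, digest in rows:
        by_pair.setdefault((salt, digest), []).append(user)
    shared = sorted(sorted(u) for u in by_pair.values() if len(u) > 1)
    return {
        "distinct_salts": len(salt_counts),
        "max_salt_reuse": max(salt_counts.values()),
        "same_password_groups": shared,  # same salt + same hash => same password
    }


def hash_password(password: str, iterations: int = 600_000):
    """Hardened form: 16-byte random per-user salt and PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


# Constructed sample rows using two-digit salts, as in the case tx describes.
SAMPLE = [
    ("alice", "17", legacy_hash("sunshine", "17")),
    ("bob", "17", legacy_hash("sunshine", "17")),
    ("carol", "42", legacy_hash("sunshine", "42")),
    ("dave", "17", legacy_hash("letmein1", "17")),
]
```

With a two-digit salt, `audit_salts(SAMPLE)` shows three of four users sharing one salt and two of them storing byte-identical records, while `hash_password` never produces the same record twice for the same password.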