Re: Password Cracking Challenge...

From: Ronish Mehta (sf_mail_sbm_at_yahoo.com)
Date: 07/31/03

    Date: Wed, 30 Jul 2003 22:19:39 -0700 (PDT)
    To: vuln-dev@securityfocus.com
    
    

    --- David Schwartz <davids@webmaster.com> wrote:
    > Two things:
    >
    > 1) You should have hashed a few of the shortest possible passwords, like
    > 'a' and 'b' if the program would allow you to. At minimum, you should have
    > hashed passwords that are much more similar, like 'foo0' and 'foo1', or
    > ideally '0' and '1'. You have no passwords that differ by only one
    > character.

    The application does not allow smaller passwords.

    Password0 - D5FBB0C7C20D9CE79D3B837BD6FB3505
    Password3 - D5FBB0C7C20D9CE7B872B3A0BD587B8D
    Password4 - D5FBB0C7C20D9CE7BE369511C82DD666
    Password5 - D5FBB0C7C20D9CE75B475FA1726B4870

    > 2) You need to tell people what it is they're working on. If we're going to
    > help you compromise the security of something, we need to know what it is.
    > You don't mention whether this is an algorithm you constructed just for this
    > challenge or whether it's a real algorithm.

    This is a real algorithm. It is used in a small
    application used at the company I work for. I posted
    this because I need to make a password audit for weak
    passwords. I have full access to the database; this is
    how I get access to the hashes!
    We do not have access to the source code, so I can't
    figure out the algorithm.
     

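Added example, not part of the original message or of the application under discussion: a diffusion check over the four samples posted above, in the spirit of the suggestion to compare passwords that differ by one character. The 8-byte block size and all function names are assumptions chosen for illustration.

```python
from itertools import combinations

# Plaintext -> hex digest pairs, copied from the message above.
SAMPLES = {
    "Password0": "D5FBB0C7C20D9CE79D3B837BD6FB3505",
    "Password3": "D5FBB0C7C20D9CE7B872B3A0BD587B8D",
    "Password4": "D5FBB0C7C20D9CE7BE369511C82DD666",
    "Password5": "D5FBB0C7C20D9CE75B475FA1726B4870",
}
BLOCK = 8  # assumed block size in bytes (illustration only)


def diff_positions(a, b):
    """Indexes at which two equal-length sequences differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def changed_blocks(h1, h2, block=BLOCK):
    """Output blocks that differ between two hex digests."""
    d = diff_positions(bytes.fromhex(h1), bytes.fromhex(h2))
    return sorted({i // block for i in d})


def bit_flip_ratio(h1, h2):
    """Fraction of digest bits that differ; a well-diffusing hash averages ~0.5."""
    b1, b2 = bytes.fromhex(h1), bytes.fromhex(h2)
    return sum(bin(x ^ y).count("1") for x, y in zip(b1, b2)) / (8 * len(b1))


def diffusion_report(samples, block=BLOCK):
    """Rows of (pw1, pw2, differing input positions, changed blocks, flip ratio)."""
    return [(p1, p2, diff_positions(p1, p2), changed_blocks(h1, h2, block),
             round(bit_flip_ratio(h1, h2), 3))
            for (p1, h1), (p2, h2) in combinations(samples.items(), 2)]


def untouched_blocks(samples, block=BLOCK):
    """Output blocks that never change across any pair of samples."""
    total = len(bytes.fromhex(next(iter(samples.values())))) // block
    touched = {b for row in diffusion_report(samples, block) for b in row[3]}
    return [i for i in range(total) if i not in touched]


if __name__ == "__main__":
    for row in diffusion_report(SAMPLES):
        print(row)
    print("blocks never changed:", untouched_blocks(SAMPLES))
```

On these samples every pair differs only at input position 8 and only in output block 1, so output block 0 does not depend on the ninth character.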


