What encryption did they use?
12 posts • Page 2 of 2 • 1, 2
Re: What encryption did they use?
by randyjones717 on Thu Sep 30, 2010 11:16 pm
([msg=46877]see Re: What encryption did they use?[/msg])
Ok, thanks now I have a better understanding on what encryption VS hashes are. Encryption = can be broken easy with leetkey firefox plugin or google sites, hashes take time with JTR. So basically you can salt a hash as many times as you want with a crazy algorithm that nobody will know unless you tell them (like x^5), or they can try on a high powered system with JTR for weeks or months trying to crack it.
- randyjones717
- New User
- Posts: 20
- Joined: Fri Sep 24, 2010 6:46 pm
- Blog: View Blog (0)
Re: What encryption did they use?
by sanddbox on Thu Sep 30, 2010 11:18 pm
([msg=46878]see Re: What encryption did they use?[/msg])
......Nope.
Both unsalted and salted hashes are, as the name implies, hashes. They are both different from encryption.
Hashes don't have to take time - unsalted hashes are easily broken by rainbow tables in mere seconds.
A salt is not an algorithm, but merely the first input in a hash function that takes two inputs. It's not a "crazy algrorithm" - the same algorithm is used each time for what we're talking about - the md5 hashing algorithm.
x^2 does not refer to the salt - it refers to how many attempts must be made to bruteforce every possible combination given a certain keyset. X is the number of possibilities with an unsalted hash, whereas X^2 was the number of possibilities with a salted hash.
The reason you didn't crack the hash at your military exercise was because you didn't understand salting/rainbow tables in general and thus tried to apply a solution to the wrong problem (you used rainbow tables where they are obsolete).
The way JTR cracks hashes is simply - it keeps hashing random combinations of words/letters until it finds a hash it produced that matches the hash provided. It then knows that the last combination it tried is the correct one.
I'd suggest reading articles on google/wikipedia about hashing to get a better understanding of the topic.
The difference between encryption and hashing is that with encryption, you can get the original input from the output, whereas with hashing, you can not. Hashing is a one-way function, whereas encryption goes both ways.
Both unsalted and salted hashes are, as the name implies, hashes. They are both different from encryption.
Hashes don't have to take time - unsalted hashes are easily broken by rainbow tables in mere seconds.
A salt is not an algorithm, but merely the first input in a hash function that takes two inputs. It's not a "crazy algrorithm" - the same algorithm is used each time for what we're talking about - the md5 hashing algorithm.
x^2 does not refer to the salt - it refers to how many attempts must be made to bruteforce every possible combination given a certain keyset. X is the number of possibilities with an unsalted hash, whereas X^2 was the number of possibilities with a salted hash.
The reason you didn't crack the hash at your military exercise was because you didn't understand salting/rainbow tables in general and thus tried to apply a solution to the wrong problem (you used rainbow tables where they are obsolete).
The way JTR cracks hashes is simply - it keeps hashing random combinations of words/letters until it finds a hash it produced that matches the hash provided. It then knows that the last combination it tried is the correct one.
I'd suggest reading articles on google/wikipedia about hashing to get a better understanding of the topic.
The difference between encryption and hashing is that with encryption, you can get the original input from the output, whereas with hashing, you can not. Hashing is a one-way function, whereas encryption goes both ways.
HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
-
sanddbox - Expert
- Posts: 2354
- Joined: Sat Jul 04, 2009 5:20 pm
- Blog: View Blog (0)
12 posts • Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 0 guests