I know all about salts and that they are very secure but what i want to know is is there any way to crack them to obtain the origional password? and if there is could you lead me to a program to do so?
Posts: 358 Location: USA Joined: 19.03.05 Rank: Moderate
Posted on 19-05-06 18:40
With DES the salt is the first 2 characters.
With salted MD5 (the type that begins with $1), the salt is the first 11 characters.
John will automotically take care of this for you, but if you want to extract the salt by hand, its fairly easy. In Perl, you'd just do something like:
my $salt = substr($hash,0,2); *For DES
my $salt = substr($hash,0,11); *For MD5
IPB style salted MD5 hex hashes are a bit harder. You actually have to have the salt database to crack them (okay, I lied. You can dictionary attack/bruteforce the salt, or if you want to be fancy you can use colosions to break it). There is a patch for john that enables it to crack IBP hashes, if you're interested...
Okay, I'm fucking pissed. The damn forum changed a pound sign (shift+3), which is a comment in Perl as well as many other languages, into a freakin' *. I'm gonna post a complaint thread...[/edit]