Credits: http://www.cyberhackers.org/showthread.php?tid=2858
A short, informative guide to hashing, salting, and cracking. Enjoy...
You CAN'T decrypt hashes!!!
There is a difference between hashing/cracking and encrypting/decrypting.
Encryption - basically, a two-way algorithm that uses a password, or "key". When the correct key is provided, the mathematical function is reversed, thus decrypting the ciphertext into plaintext. For example, an XOR encryption algorithm.
Hashing - a ONE-WAY encryption algorithm. Examples would include MD5, SHA-1, and Whirlpool. It works as follows:
1. A password is created server-side and is converted into the hashed text. It is NEVER necessary to decrypt the hash.
2. A password is provided client-side and is sent to the server.
3. The server then hashes the password provided by the user.
4. The hashed password provided by the user is compared to that which is stored in the server database.
5. If the 2 hashes match, the user has successfully authenticated. If they do not, then access is denied.
------------------------------------------------------------------------------------------------------------------------
As previously stated, hashes are 1-way and cannot be mathematically "decrypted".
HOWEVER....
There are several methods of "cracking" a hash. Some include:
Google: Sometimes the hash has already been broken and has been posted on a cracking site. Sometimes (in the case of MD5), the hash is part of a website URL. Google picks them up as hits and you can sometimes see the MD5 hash already converted into plaintext without any work whatsoever.
Brute Force Attack: In the case of MD5, you (or a program) input a shitload of possible passwords, put them through the algorithm, and compare the resulting hashes with the one that you are trying to crack. You are successful when they match.
Dictionary Attack: It works the same way as a brute force attack, but only tries the most common words. Since the majority of passwords out there can be found in a dictionary, this method is extremely effective since a simple brute-force program such as John the Ripper can go through a dictionary in a few seconds.
Rainbow Attack: In this case, all the possible password combinations of a charset (the lower-alpha numeric set for example) and a defined length have been hashed. All the hacker needs to do here is search the database of password/hash combinations until he finds a match.
Birthday Attack - This method exploits a vulnerability known as "collision". In this case, a hacker attempts to find a string that is different from the actual password string, but produces the same hash.
http://en.wikipedia.org/wiki/Birthday_attack
--------------------------------------------------------------------------------------------------------------------------------------------
Lastly, salting is a method of inserting random bits into a hash.
There are many ways to salt hashes. Here are a few:
1. Say you had a user with Username "administrator" and password "uberleet". A possible salting algorithm would work like this...
MD5(uberleet) = 0ab4d24ed89fbd3dce7409e49296fb52
md5(0ab4d24ed89fbd3dce7409e49296fb52administrator) = 089dc43e348b0dfaaa8c9bafd1f3c57d (there's your Username-salted hash)
Another example:
You have a defined salt of "1234abc". Your password is "administrator"
It might work like this: md5(1234abc + administrator). So...
MD5(1234abcadministrator) = c3a63a152cec3dc804ebec8e485fabfe
Anyways...the possibilities are endless. The benefits of salting include:
1. It renders Rainbow Tables useless.
2. Brute Forcing is made impractical. Here's why:
Say you have a weak password that would be found in the dictionary (the dictionary has about 200,000 words). Normally, a simple dictionary attack would pick it up within a second or two. Now imagine that you have a 32-bit salt, so there are 2^32 possible salts. To find a successful password/salt match to authenticate to the server, you have to try (2^32) x 200,000 = 8.59 x (10^14) possibilities. Assuming a typical CPU can attempt 600,000 calculations per second, adding a 32-bit salt would increase the cracking time from a few seconds to 45 years. Additionally, salting removes the danger of easily cracking a weak password, and it also removes the possibility of Google cracking.
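The five-step login flow and the salting schemes above, put together as an added example (not code from the original post). The function names are hypothetical, and the per-user variant swaps the post's MD5 for PBKDF2-HMAC-SHA256 with a random 16-byte salt and an iteration count chosen for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumption: work factor picked for this example


def md5_unsalted(password: str) -> str:
    """The post's baseline: a bare MD5 digest (weak, shown for contrast)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_fixed_salt(password: str, salt: str = "1234abc") -> str:
    """The post's second scheme: md5(salt + password) with one shared salt."""
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()


def store_password(password: str) -> dict:
    """Step 1: build the stored record, using a fresh random salt per user."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Steps 3-5: re-hash the submitted password with the stored salt, compare."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison: does not reveal how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample accounts: two users who chose the same password.
    alice, bob = store_password("uberleet"), store_password("uberleet")
    same_unsalted = md5_unsalted("uberleet") == md5_unsalted("uberleet")
    same_fixed = md5_fixed_salt("uberleet") == md5_fixed_salt("uberleet")
    print("unsalted MD5 digests identical:  ", same_unsalted)
    print("fixed-salt MD5 digests identical:", same_fixed)
    print("per-user salted hashes identical:", alice["hash"] == bob["hash"])
    print("correct password accepted:", verify_password("uberleet", alice))
    print("wrong password accepted:  ", verify_password("uberl33t", alice))
```

Unsalted and fixed-salt digests are identical for identical passwords, so one precomputed table covers every account; with a per-user random salt each stored record is different even when the passwords match.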
------------------------------------------------------------------------------------------------------------------------------------------------
If you would like to further delve into cryptographical theory, I recommend these sources:
http://www.megaupload.com/?d=A2SEG3RV <----- "Cryptography - Theory and Practice" (700-page eBook).
http://en.wikipedia.org/wiki/Salting_(cryptography)
http://www.openwall.com/john/ <----- A copy of John the Ripper in case you're interested in carrying out one of those attacks.