ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 4568

Question about salted hashes

by hypr - 05-19-2017 - 02:23 PM
#1
If I have a salted hash and a good guess at what the password is, based on other accounts having the same password.
Is there a way to compare the salted hash with the plain text to see if it matches?
Reply
#2
Yes. And no.

They call it a rainbow table. Basically you hash a set of passwords that you know are most likely to be used, and then compare the hashed results with the original hash that you have.

HOWEVER,
the salt is the issue. Salting, as far as I can remember after glancing at it, means filling the password length with some "salt" to make it up to a longer string. This "salt" is random, and adds a lot of possible permutations to the password.

This means that you have to take your best guess of the password, salt it will all permutations of randomness, and rainbow the whole set, and then check it one by one against the original hash. It's a lot longer than an unsalted one

Salts are made to defeat brute force and rainbow tables, after all
Reply

Users browsing: 3 Guest(s)