Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Craking Serv-u passwords stored in .ini file.
From: "Altheide, Cory B. (IARC)" <AltheideC () nv doe gov>
Date: Thu, 2 Sep 2004 15:20:20 -0700

-----Original Message-----
From: Scovetta, Michael V [mailto:Michael.Scovetta () ca com] 
Sent: Thursday, September 02, 2004 1:23 PM
To: Altheide, Cory B. (IARC); Jérôme ATHIAS; 
pen-test () securityfocus com
Subject: RE: Craking Serv-u passwords stored in .ini file.

I realize this is pedantic, but there's a fundamental 
difference between "cracking" MD5 and looking up pre-computed 
values. Of course, it may be useful to find out what password 
generated some particular md5 hash, but the is only 
non-trivial because the implementation of the hashing 
algorithm did not include salt while hashing.

The only real difference is by using precomputed tables you're front-loading
your work and only doing computations that would normally be needlessly
repetitive once.  Otherwise the "cracking," as it were, is the basically

I don't need to be directly addressed on messages to a mailing list I
obviously subscribe to. ;)

-- Cory

Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]