WebApp Sec: RE: Securing encrypted data in RAM vs MSSQL

RE: Securing encrypted data in RAM vs MSSQL

From: Dean Saxe <Dean.Saxe_at_DigitalInsight.com>
Date: Thu, 1 Jul 2004 13:34:33 -0400

Shouldn't a salt value added to the plaintext before hashing effectively
make this kind of a dictionary attack much more difficult, if not
impossible, to perform since you would have to recover the salt and
plaintext?

-dhs

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN_at_libertis.ga]
Sent: Thursday, July 01, 2004 1:19 PM
To: Toro, Daniel; Stan Guzik; Dave Andrews; webappsec_at_securityfocus.com;
forensics_at_securityfocus.com
Subject: RE: Securing encrypted data in RAM vs MSSQL

Well, there is always a way to recover the real password or login from a
hash... the matter is the time it will take!

The method to "dehash" a hash is quite simple: as theoretically a hash_1 can
be produced by a single pass_1/login_1/..., we can create a huge amount of
random pass_2/logins_2/..., hash them with MD5/SHA-1/... and then compare
each of them with our hash_1. As soon as the two hashes are the same, we can
pick up the pass/login/... which produced hash_2. Quite simple but really
long to perform.

BTW, Cain & Abel, John the Ripper and Crack can perform such recoveries...
:)
Received on Jul 01 2004
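
Added example (not part of the original messages): a Python sketch of the point debated in this thread, written as a defender's audit over constructed accounts. It compares unsalted MD5 with a per-account random salt plus PBKDF2; the account names, wordlist, iteration count and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts share one weak password.
ACCOUNTS = {"alice": "sunshine", "bob": "sunshine", "carol": "kT9#vq-Lw2!xR"}
WORDLIST = ["password", "letmein", "sunshine", "qwerty"]  # constructed audit list
ITERATIONS = 100_000  # assumed work factor for this example


def md5_hex(password: str) -> str:
    """Unsalted fast hash of the kind discussed in the thread."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password: str) -> tuple[bytes, bytes]:
    """Per-account random salt plus a slow KDF; the salt is stored, not secret."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def audit_unsalted(store: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """One table, built once, answers every account: len(wordlist) hashes total."""
    table = {md5_hex(w): w for w in wordlist}
    return {user: table[h] for user, h in store.items() if h in table}


def audit_salted(store: dict, wordlist: list[str]) -> tuple[dict[str, str], int]:
    """No table can be shared: every account needs its own KDF run per word."""
    hits, kdf_runs = {}, 0
    for user, record in store.items():
        for word in wordlist:
            kdf_runs += 1
            if verify(word, record):
                hits[user] = word
                break
    return hits, kdf_runs


UNSALTED = {u: md5_hex(p) for u, p in ACCOUNTS.items()}
SALTED = {u: make_record(p) for u, p in ACCOUNTS.items()}
```

The salt is stored beside the digest, so a password that is on the wordlist is still found; what the salt removes is the shared precomputed table and the identical hashes that reveal which accounts use the same password.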
