--- David Schwartz <davidsat_private> wrote: > Two things: > > 1) You should have hashed a few of the shortest > possible passwords, like > 'a' and 'b' if the program would allow you to. At > minimum, you should have > hased passwords that are much more similar, like > 'foo0' and 'foo1', or > ideally '0' and '1'. You have no passwords that > differ by only one > character. Application does not allow to put smaller passwords Password0 - D5FBB0C7C20D9CE79D3B837BD6FB3505 Password3 - D5FBB0C7C20D9CE7B872B3A0BD587B8D Password4 - D5FBB0C7C20D9CE7BE369511C82DD666 Password5 - D5FBB0C7C20D9CE75B475FA1726B4870 > 2) You need to tell people what it is they're > working on. If we're going to > help you compromise the security of something, we > need to know what it is. > You don't mention whether this is an algorithm you > constructed just for this > challenge or whether it's a real algorithm. This is a real algorithm. It is used in a small application used at the company I work for, I posted this because i need to make a password audit for weak passwords, I have full access to the database this is how i get access to the hashes! We do not have access to the source code, so i can;t figure out the algorithm __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
This archive was generated by hypermail 2b30 : Thu Jul 31 2003 - 09:18:20 PDT