Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

hashcat Forum > Deprecated; Previous versions > General Help > Help to recover password from an unknown hash type
Full Version: Help to recover password from an unknown hash type
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

epixoip

01-06-2015, 12:15 PM
Ah ok. Well, hopefully we've provided enough comments for you to present an accurate risk assessment. It's certainly not the worst scheme we've seen, but it's definitely not good at all. There are a lot of problems with this code.

Since this app uses php, there's absolutely no reason to not use password_hash() if you're on php >= 5.5, or crypt() with CRYPT_BLOWFISH if you're using an earlier version. That's the proper way to do things.

And if you do actually want a shot at cracking the passwords, it would be trivial to write your own cracker for this.

azren

01-07-2015, 06:51 AM
(01-06-2015, 12:15 PM)epixoip Wrote: [ -> ]Ah ok. Well, hopefully we've provided enough comments for you to present an accurate risk assessment. It's certainly not the worst scheme we've seen, but it's definitely not good at all. There are a lot of problems with this code.

Since this app uses php, there's absolutely no reason to not use password_hash() if you're on php >= 5.5, or crypt() with CRYPT_BLOWFISH if you're using an earlier version. That's the proper way to do things.

And if you do actually want a shot at cracking the passwords, it would be trivial to write your own cracker for this.

Thanks guys,

For sure will recommend that to dev team.
Pages: 1 2
hashcat Forum > Deprecated; Previous versions > General Help > Help to recover password from an unknown hash type