+ 3

what are the three salts of these hashing method?

how to read and describe this: sha512crypt, crypt(3) $6$ [SHA512 128/128 X0P 2X]) here's the screenshot: https://i.ibb.co/xXPh1vJ/salts.png what is 1st salt? 2nd salt? and 3rd salt? why it has shown crypt(3), why not crypt(4) or crypt(2)? what's the meaning behind using number 3? how to describe this? [SHA512 128/128 X0P 2X])

26th Dec 2019, 12:05 PM
Adi Pratama
Adi Pratama - avatar
10 Respuestas
+ 2
Adi Pratama-Universitas Brawijaya try: sudo cat /etc/shadow you will see lines like this: username:$xxx$6$yyy xxx is the salt 6 is code for SHA512 yyy is the hash generated from your password and the salt using sha512 algorithm.
27th Dec 2019, 8:43 AM
grdr
+ 3
I don't quite understand your question. there's just one salt to generate a hash. every hash gets another salt. you just have 3 passwords hashed in that screenshot and each has a different salt, obviously. how should we know what the salts are? they are generated randomly and don't show up on that screen. just open the file containing the hashes if you want to see the salt for each hash.
27th Dec 2019, 5:44 AM
grdr
+ 3
crypt is the linux function that generates those hashes if I recall correctly. SHA512 is the hashing algorithm used where 512 refers to the bits. SHA is just an acronym for Secure Hash Algorithm. about the rest, I don't really remember. I believe linux stores hashes as: saltvalue$6$hashvalue where the $6$ is a placeholder of sorts to separate the salt from the hash, but what it stands for exactly, I don't know.
27th Dec 2019, 6:02 AM
grdr
+ 2
these are just hashes ... u can read it as sha hash and crypt 3 hash these are just the name of hashing algorithm .. if u want to decrypt those algorithms ... then u can use this tool https://md5hashing.net/hash in the [ Hash reverse lookup, decrypt, search ] section u can just copy and paste hashes and select right algorithm and it will decrypt it
27th Dec 2019, 8:05 AM
Prashanth Kumar
Prashanth Kumar - avatar
+ 2
Prashanth Kumar You can't decrypt hashes at all tbh. You can store a dictionary containing hashes and their clear value, which is what that website does. however, with a different salt the hash will be different as well, even if the cleartext is the same, meaning you would need a much bigger dictionary. since I don't see an input field for salts, I doubt that website will work for salted hashes. understandably so - you would need a whole new database for every salt value possible.
27th Dec 2019, 8:12 AM
grdr
+ 2
what's the point? you know what crypt and sha512 are. $6$ is a divider. the rest is just other output of the software you're using. check it's documentation.
27th Dec 2019, 8:32 AM
grdr
+ 2
btw, I remembered $x$ is the information telling linux which hashing algorithm was used. 6 means sha512.
27th Dec 2019, 8:39 AM
grdr
+ 2
That's what I am asking for, describing $6$ as a divider. thank you, why it has shown crypt(3), why not crypt(4) or crypt(2)? what's the meaning behind using number 3? how to describe this? [SHA512 128/128 X0P 2X])
27th Dec 2019, 8:43 AM
Adi Pratama
Adi Pratama - avatar
+ 1
these are hashing algorithms ... the screen shot says that the password salts are encrypted with either of those algorithms... there are three salts for password and john tool has detected that that all three have a different hashes ... btw kali linux is amazing 😁.. are u trying to crack user's password?
27th Dec 2019, 7:28 AM
Prashanth Kumar
Prashanth Kumar - avatar
0
what the rest means i don't know. I already said crypt is the linux hashing function, my guess is the 3 stands for the amount of different users/salts detected. the rest is probably just additional information about it. look up the documentation of the program you're using, I don't think this is the right place to get support for other software.
27th Dec 2019, 8:47 AM
grdr