@tychotithonus What's a password hash format that's 22 bytes and ends in 03?
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 02-Apr-2024 05:51:43 JST
Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Tuesday, 02-Apr-2024 06:56:39 JST: @ryanc @tychotithonus unpadded base64 of 16 random bytes leads to 22 byte strings. They wouldn't have the same last character, though, but 4 different options A, Q, g, and w.
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:00:34 JST: @sophieschmieg @tychotithonus I thought of that, but it's not base64, and clearly has a salt.
Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:09:24 JST: @ryanc @tychotithonus hmm, 22 printable characters? Even in binary that'd be too short for modern hash functions, putting it in brute force range depending on the size of the salt.
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:20:20 JST: @sophieschmieg @tychotithonus They're not printable characters.
Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:21:00 JST: Yeah, that's funky - if the last byte always ends in 03, that sounds non-standard / artificial - static salt? Or is the obvious salting separate from that? Could be someone playing with truncation. Are you at liberty to share a few samples (under separate cover if needed)?
Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:21:17 JST: @ryanc @tychotithonus ah, so 22 binary characters, all ending in 0x03?
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:24:32 JST:
password:C3C04C83C3185293FF21E6D7D3B5FA87F47077680E03
password:546566DF5450494B05A1836150B78B7FE4F7FF533903
password:85F57F83684F7471727F4263B19BEDBFD547CFD26103
password:65F77F82790193977C63404D5E6B5E77C5E799D38B03
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:28:16 JST:
potato:9AF5500E689D9E8579D1A7B350A5A5A704D9C0DE5D03
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 02-Apr-2024 07:40:35 JST: @tychotithonus @sophieschmieg It might be encrypted? Firmware's got a base62 character set string.