View Single Post
  #8  
Old 10-19-2020, 09:35
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 725
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,053 Times in 478 Posts
chants Reputation: 48
Do you know multiple hashes from the same key with different known plaintext?

E.g
Fixed text+salt1+password->sha1 hash1
Fixed text+salt2+password->sha1 hash2
...

Then a SAT solver starts to beat brute force and with enough salt and hash pairs starts to become practical.

I've wanted to do this exact idea on IDA7.2 since we have 2 decompiler installers with identical filename guids and almost surely same passwords. Sure a single hash is hard to break but it would be really interesting to know when this attack becomes practical. I dont think it's been researched much.
Just a thought as if there is a context where 80 or so input bit are unknown but dozens of pairs are available then brute force will take a century but a SAT solver would might take minutes. I say might because presumably the equations sharing input bits should reduce the search much more quickly. You dont need the whole 160 bit hash either. Probability wise you need around the same % as % input bits are unknown. Unknown input bits×160/512. Again I dont know as I need time for such research but sometime I might do this for publication even. It's too interesting not to try
Reply With Quote