|
|
#8
10-19-2020, 09:35
|
|||
|
|||
|
Do you know multiple hashes from the same key with different known plaintext?
E.g Fixed text+salt1+password->sha1 hash1 Fixed text+salt2+password->sha1 hash2 ... Then a SAT solver starts to beat brute force and with enough salt and hash pairs starts to become practical. I've wanted to do this exact idea on IDA7.2 since we have 2 decompiler installers with identical filename guids and almost surely same passwords. Sure a single hash is hard to break but it would be really interesting to know when this attack becomes practical. I dont think it's been researched much. Just a thought as if there is a context where 80 or so input bit are unknown but dozens of pairs are available then brute force will take a century but a SAT solver would might take minutes. I say might because presumably the equations sharing input bits should reduce the search much more quickly. You dont need the whole 160 bit hash either. Probability wise you need around the same % as % input bits are unknown. Unknown input bits×160/512. Again I dont know as I need time for such research but sometime I might do this for publication even. It's too interesting not to try 
|
| Tags |
| flexlm |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Flexlm ECC alternate patching methods | nathan | General Discussion | 104 | 07-28-2025 13:09 |
| Brute Forcing a Custom CRC | chessgod101 | Source Code | 0 | 05-30-2014 03:48 |
Threaded Mode