Government Security
Network Security Resources

Jump to content


Md5 And Salts

hash md5
  • Please log in to reply
3 replies to this topic

#1 joewhite



  • Members
  • 3 posts

Posted 23 June 2005 - 05:30 PM

I can't understand hashes and salts. I made a password of 'a' on my Invision Forum and then I looked up the hash and the salt for it in my database. I typed in the salt and then 'a' beside it through Cain and Abel and got it to convert it to an MD5. I thought this hash would turn out the same as the one recorded in the forum. This is because I thought the salt gets appended to the password and then it is hashed. By appending a known salt to a known password I thought the hash would turn out the same. When I did this though the hash turned out different from the one recorded in the Invision Forum. Please explain.

#2 nuorder


    Sergeant First Class

  • Members
  • 574 posts

Posted 23 June 2005 - 07:24 PM

i posted this a while ago elsewhere and it seems to relate to your question

the following ipb function generates a random 5 character salt when that user registers their account for the first time. Note that random time is used.
function generate_password_salt($len=5)
	$salt = '';
	srand( (double)microtime() * 1000000 );
	for ( $i = 0; $i < $len; $i++ )
  $num   = rand(33, 126);
  if ( $num == '92' )
 	 $num = 93;  
  $salt .= chr( $num );
	return $salt;
now lets say that our randomly generated salt is '12345' (ok im being boring)
And that our password we use to login is 'qwerty'

take a look at the ibf_members_converge table it contains two important values
converge_pass_salt: contains the value '12345'
converge_pass_hash: contains md5( md5('12345').md5('qwerty') )

so this is what happens during authentication
if ( $this->member['converge_pass_hash'] == $this->generate_compiled_passhash( $this->member['converge_pass_salt'], $md5_once_password ) )
	return TRUE; //all good :)
$this->member[] is just a private array of the class_converge which contains some of these values i mentioned
Take a look at class_converge.php it is where most of the action is at

To bruteforce the hashes you need the ibf_members_converge table.
1 pass of a generalised brute forcer may look like this:
if ( md5(salthash.md5(currvalue)) == myhash)
salthash is the md5 hash of our salt, currvalue is the current bruteforce string (eg a,ab,abc,etc), myhash is the hash you want to crack
Basically double the effort is required to break this and rainbowtables cant be used

As far is i can tell member_login_key which is in the ibf_members table is only to do with autologin? but i may be wrong
Please correct me if im wrong in any of this but you get the gist of it.

This is a smart move by forum developers to use a salt in order to protect their precious users so put your thinking hats on ;)

#3 FuzZyBeeR



  • Members
  • 246 posts

Posted 23 June 2005 - 11:59 PM

Thanx nuorder That makes my salt problem a bit more clear! :D

#4 Blake


    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 24 June 2005 - 07:32 AM

Great Explanation --- Archived

Also tagged with one or more of these keywords: hash, md5