Skip to main content
Information Security

Return to Question

Rephrased the question
Source Link
user316
user316
  • 183
  • 1
  • 2
  • 5

Can I brute-force a password hash even if I don't know the underlying algorithm?

For example if I gotget hold of a hashdatabase with password hashes and perhaps even know the input for thatused hash algorithm is unknown, like a random mix of SHA/MD5/Bcrypt/custom/Salt/Pepper. Can I

Will a password cracking expert still be able to brute force it even if the algorithm used ispassword hashes?

I also guess (for a mixpublic web site) that you can at least create your own "account" with a known password, so you have perhaps one known input->hash pair. Will that be of bcrypt/sha and some custom "randomization"any use?

Can I brute-force a password hash even if I don't know the underlying algorithm?

For example if I got a hash and perhaps even know the input for that hash. Can I still brute force it even if the algorithm used is a mix of bcrypt/sha and some custom "randomization"?

Can I brute-force a password hash even if I don't know the underlying algorithm?

For example if I get hold of a database with password hashes and the used hash algorithm is unknown, like a random mix of SHA/MD5/Bcrypt/custom/Salt/Pepper.

Will a password cracking expert still be able to brute force the password hashes?

I also guess (for a public web site) that you can at least create your own "account" with a known password, so you have perhaps one known input->hash pair. Will that be of any use?

Tweeted twitter.com/#!/StackSecurity/status/466469269300318208
Source Link
user316
user316
  • 183
  • 1
  • 2
  • 5

Can I brute-force a password hash even if I don't know the hash-algorithm used?

Can I brute-force a password hash even if I don't know the underlying algorithm?

For example if I got a hash and perhaps even know the input for that hash. Can I still brute force it even if the algorithm used is a mix of bcrypt/sha and some custom "randomization"?