I'm new to cryptography and I was trying to learn something about security exploits. I read some interesting things about SHA/SHA256 vulnerabilities, like the length extension attack ([1], [2]), and I was curious to know more about other possible attacks that could be suitable for the following situation:
I have an account and I need to break it. I know that the username contains a specific string (e.g. Admin) and that the password is computed in the following manner:
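    from Crypto.Hash import SHA, SHA256
    # SALT is a secret shared by all users; username is the account name
    check = SALT + username
    check = SHA.new(check).digest() + SHA256.new(check).digest()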
I don't know the SALT (the length is over 15, so I can't use any brute force attack). However, I am able to create other users (except the ones that contain the 'Admin' string) and get their hashed passwords. All the users have the same SALT.
I appreciate any explanation!
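
For contrast with the scheme in the question, an added example (not code from the original post) that places the secret-prefix construction next to HMAC, whose outer hash keeps the inner digest state from being exposed and so is not subject to length extension. It uses Python's standard `hashlib`/`hmac` rather than PyCrypto; the SALT value and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample secret; the real SALT in the post is unknown.
SALT = b"constructed-sample-salt-0001"
BLOCK = 64  # SHA-256 block size in bytes


def legacy_check(salt: bytes, username: bytes) -> bytes:
    """Scheme from the post: SHA1(salt+user) || SHA256(salt+user).
    Each half is a bare digest of secret-prefixed data."""
    data = salt + username
    return hashlib.sha1(data).digest() + hashlib.sha256(data).digest()


def hmac_sha256_by_hand(key: bytes, msg: bytes) -> bytes:
    """HMAC spelled out to show the structure:
    H((K ^ opad) || H((K ^ ipad) || msg)).
    The inner digest never leaves the function; only the outer hash,
    computed over a fixed-length input, is published as the tag."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def hmac_check(key: bytes, username: bytes) -> bytes:
    """Hardened replacement: library HMAC-SHA256 keyed with the secret."""
    return hmac.new(key, username, hashlib.sha256).digest()


def verify(key: bytes, username: bytes, tag: bytes) -> bool:
    """Compare a presented tag in constant time."""
    return hmac.compare_digest(hmac_check(key, username), tag)


if __name__ == "__main__":
    print("legacy:", legacy_check(SALT, b"alice").hex())
    print("hmac  :", hmac_check(SALT, b"alice").hex())
```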