Correction to serious page about bcrypt #184

Merged
merged 1 commit into from Sep 15, 2013

Conversation

Projects
None yet
2 participants
@eXeC64
Contributor

eXeC64 commented Sep 15, 2013

With something as predictible in format as an IP address, recovering the
original IP address from the bcrypt hash is not impossible, only
infeasible. bcrypt hashes contain the salt, digest and number of rounds
used. Using this information you can attempt a brute force of the IP
address with the same salt and number of rounds. It will take a long
time, but it can be done.

The original text of the page is accurate, however it implies that
recovering an IP address from the bcrypt hash is impossible, which is
incorrect.

Correction to serious page about bcrypt
With something as predictible in format as an IP address, recovering the
original IP address from the bcrypt hash is not impossible, only
infeasible. bcrypt hashes contain the salt, digest and number of rounds
used. Using this information you can attempt a brute force of the IP
address with the same salt and number of rounds. It will take a long
time, but it can be done.

The original text of the page is accurate, however it implies that
recovering an IP address from the bcrypt hash is impossible, which is
incorrect.

SirCmpwn added a commit that referenced this pull request Sep 15, 2013

Merge pull request #184 from eXeC64/master
Correction to serious page about bcrypt

@SirCmpwn SirCmpwn merged commit d54f529 into MediaCrush:master Sep 15, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment