09-24-2018, 03:53 PM

I'm having trouble understanding the SHA1(SALTPLAIN) in disqus dump.

I would normally think the salt, in hex there, would always be divisible by 2 when in hex chars, not an odd number (like five chars). Although I suppose anything is possible.

The first few hashes look really hairy, lots of leading zeros. Reminds me of finding a PoW hash in Bitcoin mining

So can someone help with the disqus format, which looks like this?

... lots of others, all the same. Maybe the salt has been accidentally cut off? Maybe it's encoding the salt in hex improperly? Or am I misinterpreting the hex and it's something else that looks exactly like a hex string?

Is SHA1(SALTPLAIN) the same as hashcat mode 120, i.e. sha1($salt.$pass)? Maybe there's an iteration in there that I'm missing?

Thanks for any help.

I would normally think the salt, in hex there, would always be divisible by 2 when in hex chars, not an odd number (like five chars). Although I suppose anything is possible.

The first few hashes look really hairy, lots of leading zeros. Reminds me of finding a PoW hash in Bitcoin mining

So can someone help with the disqus format, which looks like this?

Code:

`4d58c8aad8de711a3c2a353ba9d7434d20f2d4ad:5159d`

4d58d010ce49e8221933b97757ae906a927a770f:977b3

4d58d0398e648eaf21e68091d88eea31e1cdfbc4:c7204

4d58d6a15096e086f13a9a5cecf32adcf701c3a3:30007

4d58d810e17dad199d31aa9187c63fb4b996955c:59b99

4d58d82cd38d60ef0deda2995be49529386a48af:ce857

4d58d857632b6e19895deec05bb905b7a6bff875:a2a17

... lots of others, all the same. Maybe the salt has been accidentally cut off? Maybe it's encoding the salt in hex improperly? Or am I misinterpreting the hex and it's something else that looks exactly like a hex string?

Is SHA1(SALTPLAIN) the same as hashcat mode 120, i.e. sha1($salt.$pass)? Maybe there's an iteration in there that I'm missing?

Thanks for any help.