Hashes.org Forum

Full Version: Hash type SHA1(SALTPLAIN) - disqus
I'm having trouble understanding the SHA1(SALTPLAIN) in disqus dump.

I would normally think the salt, in hex there, would always be divisible by 2 when in hex chars, not an odd number (like five chars). Although I suppose anything is possible.

The first few hashes look really hairy, lots of leading zeros. Reminds me of finding a PoW hash in Bitcoin mining :)

So can someone help with the disqus format, which looks like this?

Code:
4d58c8aad8de711a3c2a353ba9d7434d20f2d4ad:5159d
4d58d010ce49e8221933b97757ae906a927a770f:977b3
4d58d0398e648eaf21e68091d88eea31e1cdfbc4:c7204
4d58d6a15096e086f13a9a5cecf32adcf701c3a3:30007
4d58d810e17dad199d31aa9187c63fb4b996955c:59b99
4d58d82cd38d60ef0deda2995be49529386a48af:ce857
4d58d857632b6e19895deec05bb905b7a6bff875:a2a17

... lots of others, all the same. Maybe the salt has been accidentally cut off? Maybe it's encoding the salt in hex improperly? Or am I misinterpreting the hex and it's something else that looks exactly like a hex string?

Is SHA1(SALTPLAIN) the same as hashcat mode 120, i.e. sha1($salt.$pass)? Maybe there's an iteration in there that I'm missing?

Thanks for any help.

The salt of the disqus hashes is not converted to binary before being used. So it's just a normal salt, as if you had just normal chars there instead of the hex.

So the algorithm is sha1($salt.$pass) just taking the salt and the plain as normal text input, e.g. sha1("5159d".$pass).

Yes, the first very few hashes maybe look a bit suspect, but technically you never know..

Thanks. I ran a test and got over 10k finds pretty quickly.

I have to fix it up a little. Salt length and salt separator missing issues.

By the way, my quality score was very low. Could I assume that means I've only managed to recover a few new passwords not seen yet (percent of founds)? Or is quality something else? Maybe the strength of passwords?

The quality denotes the percentage of the lines you uploaded that were a new found and were in the left list.

So there are multiple reasons the quality is not that good:

- Someone was faster and uploaded the found for a hash before you
- The uploader was not able to parse your found (this mostly happens when the salt contains a colon). In this case, maybe try using a separator which for sure is not in any of the salts, and set this one on upload.
- The plain was invalid

Please note that if you are using the collected left lists of all hashlists, these are only updated once a day. The left lists of the leaks/hashlists are much more accurate; they get updated shortly after found uploads (normally just a few minutes).
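
An added illustration of the two points made in this thread (it is not part of any forum post and is not the Hashes.org uploader's code): the salt is hashed as literal text rather than hex-decoded, and a found line whose salt contains the separator can be parsed unambiguously by recomputing the digest for each possible split. The function names, the `hash:salt:plain` line layout and all sample values are assumptions constructed for this example.

```python
import hashlib

def salted_sha1(salt: str, plain: str) -> str:
    """sha1($salt.$pass) with the salt used as literal text."""
    return hashlib.sha1((salt + plain).encode("utf-8")).hexdigest()

def salted_sha1_hex_salt(salt: str, plain: str):
    """The misreading from the question: hex-decode the salt first.
    Returns None when the salt is not valid hex (e.g. an odd number of chars)."""
    try:
        raw = bytes.fromhex(salt)
    except ValueError:
        return None
    return hashlib.sha1(raw + plain.encode("utf-8")).hexdigest()

def parse_found(line: str, sep: str = ":"):
    """Parse an assumed 'hash<sep>salt<sep>plain' line.
    The digest is always 40 hex chars, but the salt/plain boundary is
    ambiguous when either field contains the separator, so every split is
    tried and the one whose recomputed digest matches is kept.
    Returns (hash, salt, plain), or None if nothing verifies."""
    digest, found_sep, rest = line.rstrip("\n").partition(sep)
    digest = digest.lower()
    if not found_sep or len(digest) != 40:
        return None
    if any(c not in "0123456789abcdef" for c in digest):
        return None
    pos = rest.find(sep)
    while pos != -1:
        salt, plain = rest[:pos], rest[pos + len(sep):]
        if salted_sha1(salt, plain) == digest:
            return digest, salt, plain
        pos = rest.find(sep, pos + 1)
    return None

def make_found(salt: str, plain: str, sep: str = ":") -> str:
    """Build a constructed sample line for the demonstration."""
    return sep.join([salted_sha1(salt, plain), salt, plain])

# Constructed samples: none of these come from the dump quoted above.
SAMPLES = [
    make_found("abc12", "hunter2"),    # odd-length, hex-looking salt
    make_found("ab:12", "hunter2"),    # salt contains the separator
    make_found("abc12", "pass:word"),  # plain contains the separator
    "0" * 40 + ":abc12:hunter2",       # digest does not match: invalid plain
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_found(sample))
```
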