Hash type SHA1(SALTPLAIN) - disqus
I'm having trouble understanding the SHA1(SALTPLAIN) in disqus dump.

I would normally think the salt, in hex there, would always be divisible by 2 when in hex chars, not an odd number (like five chars). Although I suppose anything is possible.

The first few hashes look really hairy, lots of leading zeros. Reminds me of finding a PoW hash in Bitcoin mining :)

So can someone help with the disqus format, which looks like this?


... lots of others, all the same. Maybe the salt has been accidentally cut off? Maybe it's encoding the salt in hex improperly? Or am I misinterpreting the hex and it's something else that looks exactly like a hex string?

Is SHA1(SALTPLAIN) the same as hashcat mode 120, i.e. sha1($salt.$pass)? Maybe there's an iteration in there that I'm missing?

Thanks for any help.
The salt of the disqus hashes is not converted to binary before being used. So it's just a normal salt like if you would have just normal chars there instead of the hex.

So the algorithm is sha1($salt.$pass) just taking the salt and the plain as normal text input, e.g. sha1("5159d".$pass).

Yes, the first very few hashes maybe look a bit suspect, but technically you never know..
Thanks. I ran a test and got over 10k finds pretty quickly.

I have to fix it up a little. Salt length and salt separator missing issues.

By the way, my quality score was very low. Could I assume that means I've only managed to recover a few new passwords not seen yet (percent of founds)? Or is quality something else? Maybe the strength of passwords?
The quality denotes the percentage of the lines you uploaded that were a new found and were in the left list.

So there are multiple reasons the quality is not that good:

- Someone was faster and uploaded the found for a hash before you
- The uploader was not able to parse your found (this mostly happens when the salt contains a colon). In this case maybe try using a separator which for sure is not in any of the salts and set this one on upload.
- The plain was invalid

Please note that, in case you are using the collected left lists of all hashlists, these are only updated once a day. The left lists of the leaks/hashlists are much more accurate; they get updated shortly after found uploads (normally just a few minutes).
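Added example, not written by any poster in this thread: a Python sketch of the two points discussed above, namely that the salt is hashed as literal text rather than hex-decoded, and why a colon inside a salt makes a `hash:salt:plain` line ambiguous. The function names, the salt `ab:12` and all plains are constructed for illustration; only the salt `5159d` comes from the thread.

```python
import hashlib

def sha1_salt_plain(salt: str, plain: str) -> str:
    """sha1($salt.$pass) with the salt taken as literal text, as the reply describes."""
    return hashlib.sha1((salt + plain).encode("utf-8")).hexdigest()

def sha1_hexdecoded_salt(salt: str, plain: str):
    """The mistaken reading: hex-decode the salt first.
    Returns None when the salt is not valid hex, e.g. an odd number of chars."""
    try:
        raw = bytes.fromhex(salt)
    except ValueError:
        return None
    return hashlib.sha1(raw + plain.encode("utf-8")).hexdigest()

def parse_found(line: str, sep: str = ":"):
    """Parse 'hash<sep>salt<sep>plain'. The digest is a fixed 40 hex chars, but the
    salt/plain boundary is ambiguous when the salt contains <sep>, so every
    candidate boundary is tried and only splits that re-hash to the digest are kept."""
    digest, _, rest = line.partition(sep)
    if len(digest) != 40:
        return []
    matches = []
    pos = rest.find(sep)
    while pos != -1:
        salt, plain = rest[:pos], rest[pos + len(sep):]
        if sha1_salt_plain(salt, plain) == digest.lower():
            matches.append((salt, plain))
        pos = rest.find(sep, pos + 1)
    return matches

if __name__ == "__main__":
    # Odd-length salt from the thread: cannot be hex-decoded at all.
    print(sha1_hexdecoded_salt("5159d", "constructed-plain"))   # None
    print(sha1_salt_plain("5159d", "constructed-plain"))

    # Constructed line whose salt contains the default separator.
    digest = sha1_salt_plain("ab:12", "pw:1")
    line = digest + ":ab:12:pw:1"
    print(len(line.split(":")))            # naive split yields 5 fields, not 3
    print(parse_found(line))               # boundary recovered by re-hashing
    print(parse_found(digest + "\tab:12\tpw:1", sep="\t"))
```

With a separator that appears in no salt, the first two occurrences delimit the fields and no re-hashing is needed, which is what the advice about setting a custom separator on upload achieves.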
