How do hackers keep checking different passwords against the leaked hash-key without getting shut out after x attempts?


If they don’t know the function generating the hash-key, what do they test it against? I assume every website uses a unique function for converting passwords into keys.


8 Answers

Anonymous 0 Comments

> I assume every website uses a unique function for converting passwords into keys.

You are wrong. They all use the same well-known hashing algorithms (in the case of the Internet Archive leak, bcrypt). Security through obscurity doesn't really work, so there isn't a point to using a unique algorithm.

And since the hashes were leaked and the hacker has them and the algorithm locally, there is nothing to shut them out of.

If you want something “fun” to do, try to find the password that hashes to `$2y$10$fksFP0dp5MOKVhl9z8mTqe1Jx8r0zr1EOEkCpjo7Kf9JJpZ11V0NO` in bcrypt. (Here is a website to generate the hashes even if you don't know how locally: https://bcrypt.online/)
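An added example, not part of the answer above: a bcrypt hash string names its own algorithm version, cost and salt, so nothing about the function is secret once the hash leaks. This sketch parses that layout and flags stored hashes whose cost is below a policy floor; `MIN_COST`, the helper names and sample rows 2 and 3 are assumptions made up for the example.

```python
import re
from dataclasses import dataclass

# bcrypt modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)
MIN_COST = 12  # assumed policy floor for this example, not a value from the page


@dataclass(frozen=True)
class BcryptInfo:
    version: str
    cost: int
    salt: str
    digest: str

    @property
    def rounds(self) -> int:
        # bcrypt repeats its key setup 2**cost times for every password checked
        return 2 ** self.cost


def parse_bcrypt(stored: str) -> BcryptInfo:
    m = BCRYPT_RE.match(stored.strip())
    if m is None:
        raise ValueError("not a bcrypt hash")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:  # bcrypt only defines costs 4..31
        raise ValueError("bcrypt cost out of range")
    return BcryptInfo(version, int(cost), salt, digest)


def audit(stored_hashes, min_cost=MIN_COST):
    """Return (row, reason) for entries that are not bcrypt or use a low cost."""
    findings = []
    for row, value in enumerate(stored_hashes, 1):
        try:
            info = parse_bcrypt(value)
        except ValueError as exc:
            findings.append((row, str(exc)))
            continue
        if info.cost < min_cost:
            findings.append((row, f"cost {info.cost} below {min_cost}"))
    return findings


PAGE_HASH = "$2y$10$fksFP0dp5MOKVhl9z8mTqe1Jx8r0zr1EOEkCpjo7Kf9JJpZ11V0NO"  # from the answer
SAMPLE = [PAGE_HASH, "$2b$12$" + "A" * 22 + "B" * 31, "ab" * 16]  # rows 2-3 constructed
```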
