by thevania 1051 days ago
when you look properly at the end of the video the root hash starts with $y$ implying it's yescrypt

more info here https://manpages.debian.org/unstable/libcrypt-dev/crypt.5.en...

https://www.openwall.com/yescrypt/

once you have the hash you have to use some rainbow tables if they exist for that hash function or bruteforce it

the authors of yescrypt claim: "Technically, yescrypt is the most scalable password hashing scheme so far, providing near-optimal security from offline password cracking across the whole range from kilobytes to terabytes and beyond."

in any way, this is a local attack, someone / some software on your local machine would need to execute it so i am not overly stressed, password hashes leak all the time from all different sources

yet, it does worry me because my AMD stock is dropping in value because of this today :D

2 comments

Rainbow tables are only applicable to unsalted hashes (or possibly to ones with tiny salts). They are so rarely applicable, that I wouldn't even bother mentioning them.

On that list, NT is the only completely unsalted hash, plus DEScrypt and its variants might still be susceptible with its 12-bit salt. Like all decent password hashes, yescrypt is salted.

fwiw, yescrypt uses a salt so it will not be vulnerable to rainbow tables, and it is a slow hash so it won’t be that easy to bruteforce. A good strong password with a good hash function should remain secure even if the hash leaks.
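
The prefix and salt points made in this thread, as an added example that is not part of any comment above: a small audit that classifies shadow password fields by their crypt(5) prefix and flags the entries the thread calls out (unsalted NT, 12-bit-salt descrypt). The function names and every sample entry are constructed for illustration.

```python
import re

# (prefix, scheme, salt status); prefixes as documented in crypt(5).
SCHEMES = [
    ("$y$", "yescrypt", "salted"),
    ("$gy$", "gost-yescrypt", "salted"),
    ("$7$", "scrypt", "salted"),
    ("$2", "bcrypt", "salted"),        # covers the $2a$/$2b$/$2y$ variants
    ("$6$", "sha512crypt", "salted"),
    ("$5$", "sha256crypt", "salted"),
    ("$1$", "md5crypt", "salted"),
    ("$3$", "NT", "unsalted"),
]
# Traditional descrypt has no prefix: 2 salt characters + 11 hash characters.
DESCRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Return (scheme, salt status) for one shadow password field."""
    if field == "":
        return ("none", "empty password field")
    if field[0] in "!*":               # locked account, hash may follow the marker
        rest = field.lstrip("!*")
        if not rest:
            return ("locked", "no usable hash")
        scheme, salt = classify(rest)
        return (scheme + " (locked)", salt)
    for prefix, scheme, salt in SCHEMES:
        if field.startswith(prefix):
            return (scheme, salt)
    if DESCRYPT.fullmatch(field):
        return ("descrypt", "12-bit salt")
    return ("unknown", "unknown")

def audit(shadow_text):
    """Return {user: (scheme, salt status)} for hashes that are not properly salted."""
    flagged = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, salt = classify(parts[1])
        if salt in ("unsalted", "12-bit salt", "unknown"):
            flagged[parts[0]] = (scheme, salt)
    return flagged

# Constructed sample entries (salts and hashes are placeholders, not real values).
SAMPLE = """root:$y$j9T$constructedsalt$constructedhashvalue:19400:0:99999:7:::
legacy:ab0123456789A:19400:0:99999:7:::
smbuser:$3$$00000000000000000000000000000000:19400:0:99999:7:::
daemon:*:19400:0:99999:7:::
alice:!$6$constructedsalt$constructedhash:19400:0:99999:7:::"""
```
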