|
|
|
|
|
|
by starmilk
874 days ago
|
|
|
What you generally feed into password cracking software is hashes of passwords that you've found by listening on the network, dumping from memory, or obtained by chaining another vulnerability. These are in a text file locally (offline), so there is no system that you are submitting hashes to for verification. It simply tries md5(your_password_guess) until it computes the same hash that you supplied. This is oversimplified and you can replace md5 with any hash alg that you need, but i hope it makes it clear that guesses don't happen against the auth server. |
|
|