Fcc-brute-force-password-cracker - hint to salted

s-projects18 · October 28, 2020, 5:07am

Just a hint for other idiots like me.

In the readme of this project:
https://www.freecodecamp.org/learn/information-security/information-security-projects/sha-1-password-cracker

You find the following instruction:

The function should take an optional second argument named use_salts . If set to true, each salt string from the file known-salts.txt should be appended AND prepended to each password from top-10000-passwords.txt before hashing and before comparing it to the hash passed into the function.

I did something like this (which failed and I lost a lot of time with checking the encoding, hash-functions etc):
salted_password = salt + password + salt

What actually should be done is performing TWO checks:

salted_password1 = password + salt
salted_password2 = salt + password

jdelarubia · September 22, 2020, 5:55pm

Thank you very much, @s-projects18! you did a massive good here! (I was stuck at the same point)

andreibexa · December 16, 2020, 12:16am

That AND was not what I thought:

The function should take an optional second argument named use_salts . If set to true, each salt string from the file known-salts.txt should be appended to each password from top-10000-passwords.txt before hashing and before comparing it to the hash passed into the function.
AND
The function should take an optional second argument named use_salts . If set to true, each salt string from the file known-salts.txt should be prepended to each password from top-10000-passwords.txt before hashing and before comparing it to the hash passed into the function.

romainyvernes · February 11, 2021, 4:53am

I guess I’m another idiot haha thanks for the tip!!

c0d32-freecodecamp · February 11, 2021, 4:01pm

Should change the AND to OR.

JeremyLT · February 11, 2021, 4:17pm

No, it really should say AND.