What is password hashing?
Hash algorithms are one way functions. They turn any amount of data into a fixed-length "fingerprint" that cannot be reversed. They also have the property that if the input changes by even a tiny bit, the resulting hash is completely different (see the example above). This is great for protecting passwords, because we want to store passwords in a form that protects them even if the password file itself is compromised, but at the same time, we need to be able to verify that a user's password is correct.
hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
The general workflow for account registration and authentication in a hash-based account system is as follows:
- The user creates an account.
- Their password is hashed and stored in the database. At no point is the plain-text (unencrypted) password ever written to the hard drive.
- When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).
- If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.
- Steps 3 and 4 repeat everytime someone tries to login to their account.
What is Salt Password ?
cryptography, a salt is
random data that is used as an additional input to a
one-way function that "
passphrase. Salts are closely related to the concept of nonce
Let me explain Hash of "hello" is 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
but a salted hash of "hello" can be anything , what happens is a random salt is mixed with in the hash
What is a Mixed Case Password ?
Letters in mixed case means using "UPPER CASE" and "lower case" as well as "numb3rs" For example, my name using upper case, lower case, and numbers. " HaCk0loGy" is a mixed case password, but due to high computing power available such passwords are no more considered secure , or if they are used they are still stored encrypted in the database.
You may read my Password Guide
I did few years back which might help you ,
How to Crack Encrypted Passwords ?
For breaking such encrypted / hash passwords you will need to bruteforce against known Dictionary , your Kali Install has alot of such tools, you can get some names from here
like John the Ripper and more...
Let me share a very professional Password Cracking forum which is the best on Internet : Insider Pro
. These guys are the best in cracking passwords and telling you how to get on with cracking