Dropbox Bcrypt

$2a$08$NtV8sfw.KwOBsoyAsQS3zunxqAXF6D8sAUEoFmtINSG3pnfVTBtiK

general knowledge of Bcrypt thread as well as possible ways to go about decrypting for technology paper purposes

It's not encryption. You can't find the original password. You're a retard.

False, bcrypt can be decrypted, move along noob.

they can not be converted simply to plain text but the original hash may be found which can

You don't "decrypt" a hash.

bcrypt is used for hashing, not encryption.

so therefore what youre saying is an original password can come from cracking the hashes and your problems are with the words used to describe the process

This is a learning thread so post reasoning instead of annoying shitpost

I believe I have heard it can be done except I do not know how to either

>so therefore what youre saying is an original password can come from cracking the hashes and your problems are with the words used to describe the process
They aren't saying that at all. You aren't decrypting anything, you are just generating another hash and then comparing the two, if they don't match you move on to the next one.

OP Is a faggot and has no idea what he's talking about, once again.

Sup Forums has gone to shit since Sup Forums went mainstream.

then how would that hash be converted to plain text

>then how would that hash be converted to plain text
....what? You don't convert them, you just keep track of what the original password was before you hashed it. If you do that enough times, eventually you will fine a hash that you generated that matches the one you were trying to "decrypt" to begin with. Eventually in this case means never pretty much, but the point still stands.

You have no idea what you're talking about.

finally someone who knows what theyre talking about, i know its possible i.e. ashley madison

I really don't know why you are struggling with this concept, it's pretty easy to grasp.

not same poster

This thread is just depressing

K. Good luck matching the algorithm, the number of iterations, the salt and the finally the password.

the algorithm is blowfish, 9 steps, salt is known just by looking at the hash, i'm not sure what you mean

8 steps*

also in terms of dropbox the key is the user id number.. so

Not the same user, but it's amazing you think that anyone who explains something to you doesn't know what they're talking about. Hopefully this will get through that thick skull of yours.

You cannot 'decrypt', 'reverse', or undo in any way a hashing algorithm. What this means in day to day life is that you can only find what are called collisions. This is when an input, such as a string of text, produces the output hash you are looking for. Using the deprecated md5 hashing algorithm, I create the hash for the string, 'password'.

echo "password" | md5sum

The hash is 286755fad04869ca523320acce0dc6a.

Without knowing the input string, you could simply go through the list of most commonly used passwords and find a string that matches. You will never reverse the algorithm, but you can find a match, which is what everyone is trying to convey to you.

Of course, salting the hashes would prevent you from going through a wordlist, but that's something else.

>Of course, salting the hashes would prevent you from going through a wordlist, but that's something else.
That's incorrect, since the salt is, almost always, provided with the hash.

The purpose of salts is mainly preventing time-space trade-offs such as rainbow tables.

There is nothing to get through my thick skull, someone talking shit is not someone explaining the process, as you just did so thank you, I understand the basic tenants behind the process so half of what I was looking for were the logistics on how to process on how people have in fact found a match to hashes such as the one provided above so thank you

>I understand the basic tenants behind the process
You don't know shit, especially not Dunning-Kruger apparently.
You need to learn to use Google and recognize when you have no clue what you're talking about.

coming from someone who mistakes using proper grammar on Sup Forums to having superior intelligence, you must not know dunning kruger either

Thanks for the correction!

Sorry for being so abrasive user, I know you're just trying to learn.

exactly thank you, I am simply just trying to learn.

The difference being that I'm aware my English is imperfect, being that I'm a foreigner.
And I'll add that intelligence has nothing to do with knowledge, but arrogance often points to a lack of intelligence.

except my acknowledgement of not using proper grammar should suffice as awareness of such, basic logic, I also find it odd that someone who says "you dont know shit" can expect anyone else to be anything but "Arrogant" after that statement.

I don't believe it's arrogance to call out arrogance, and that's what I'm seeing in this thread.
I don't claim to be better than anyone, but you don't start a "learning thread" by rejecting valid explanations while clearly demonstrating total confusion about the subject.

Assuming the same person is rejecting valid explanations and also assuming that person is me

having said that even though I may have come off arrogant, I appreciate what I have learned in this thread

That's fine, sorry I replied to the wrong user then, but my point still stands for whoever else it was.

If you learned, that's at least a positive thing. Now what would be good is if you made your on research before creating threads like this.

I have tried to research but I just started learning yesterday and just wanted to throw myself into an environment, very well a hostile environment, to learn more at once

What the actual fuck?! How come this faggot hasn't been banned?

GET THE FUCK OUT OF MY Sup Forums.

What the actual fuck? You show up 3 hours later to shitpost in a dead thread and you don't even sage?

>GET THE FUCK OUT OF MY Sup Forums.

Install Gentoo

T H I S S
H
I
C
C

Sup Forums is pure shit, this thread is a testament to that fact

You're pure shit.

your*

I bet you know how many toes a fish has.

What's the point of the salt when it's right next to the hashed password?

the salt is never the same for the same input, then when you verify the checksum you need to know the salt, algorithm used, and passes done. Hence its all stored in the same string so it's easy. Its just like adding random characters to any given password essentially. There may also be a 'pepper' applied which is a constant salt applied to every hash function. Peppers are not recommend.

for example

(Z = hash(n)) != (Y = hash(n))

but

verify(Z,n) and verify(Y,n) both return true.