Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 31
Guests Online: 30
Members Online: 1

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Increasing Security

Page 1 of 2 1 2 >
Author

idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 18:48
i just had this nice idea, to encrypt users' passwords on your site, make a script that reads the password letter by letter, and make it encrypt every letter into MD5 or whatever, so lets say if you had a 10 chars length password, you'll have 10 md5 hashes next to eachother....and then MD5 the result.. so let's say my password is "god", the script will do this:

g=b2f5ff47436671b6e533d8dc3614845d
o=d95679752134a2d9eb61dbd7b91c4bcc
d=8277e0910d750195b448797616e091ad

g+o+d=b2f5ff47436671b6e533d8dc3614845dd95679752134a2d9eb61dbd7b91c4bcc8277e0910d750195b448797616e091ad

hash =460d40de12f6e6b2428afc31555ca5e6 (Which is the MD5 of g+o+d)


Author

RE: idea about encrypting passwords..

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 10-05-06 19:11
nice idea, but theres a limit to how long a string can be to be encyrpted with Md5.

i cant remember the exact length, but im sure with a name like longer than a few charachters will have problems when trying to MD5 it.


http://www.hellboundhackers.org/
Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 19:20
oh........
how abt Sha-1 ?


Author

RE: idea about encrypting passwords..

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 10-05-06 19:22
princible applies to all forms of encyrption alithograms.


http://www.hellboundhackers.org/
Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 19:23
you could hsh thm in pairs.
god
hash:
g
o
d
hash:
hashs(g and o)
hash hahs (g+o and d)


Author

RE: idea about encrypting passwords..

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 10-05-06 19:41
g+o+d=020EC4594D7210162684DE2E2A061161D6

That is you take the 3 hashes and add them together. They turn out to be gobbledegoop but it will be a better encyption than trying to encrypt a 96 character password Pfft


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 19:56
Mr_Cheese wrote:
nice idea, but theres a limit to how long a string can be to be encyrpted with Md5.

i cant remember the exact length, but im sure with a name like longer than a few charachters will have problems when trying to MD5 it.


I once calculated that number. If I'm not mistaking it was between 25 and 30. So having a long pass doesn't mean that you're secure.

It could be that the pass of your 55 char pass is also the hash of 'a', and in this case, you could just access your account using a Pfft



Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 20:02
yeah i had this collision question some time ago Pfft should be somewhere in the forums...


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 20:09
is it possible to put a pwd into md5 and then sha1 or vice versa?


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 20:17
Yep, by doing:

Code

<?
$password="whatever";
$encrypted=md5(sha1($password));
?>





that would md5 the string, then sha1 the md5 hash.


Author

RE: idea about encrypting passwords..

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 10-05-06 20:17
it IS possible to do this (Termed as Double Dutch by some) But the password will be no more secure than if you put into double MD5 or double SHA1. the collision rate is 1 in 340 decillion. this is not that high thinking of how many characters that could be. excluding ASCII characters that would be a maximum of...20 characters. SHA1 is a bit larger with a max of around 25 characters. so a new algorithm would have to be made. perhaps one that has alphanumeric instead of hex.

178,689,910,246,017,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
would be the number of possible passwords with a 36 character algorithm that was 40 characters long.

MD5 = 340,282,366,920,938,000,000,000,000,000,000,000,000

SHA1 = 1,461,501,637,330,900,000,000,000,000,000,000,000,000,000,000,000

still a rare chance but it does happen to have collisions.


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 20:24
i see


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 22:09
nice idea, but theres a limit to how long a string can be to be encyrpted with Md5.

i cant remember the exact length, but im sure with a name like longer than a few charachters will have problems when trying to MD5 it.



To Mr_Cheese and the_cell, there is no limit on how many characters you can use in any encryption algorithm, ESPECIALLY MD5. MD5 was first made and intended to 'fingerprint' full documents, this could mean an entire book! Aldarhawk is right about the probability of finding collisions, however it is still a pretty good idea because if every character is encrypted and then that entire string is encrypted, it won't be susceptible to brute-force or dictionary attacks. On top of that, the hacker is likely to think it's a normal MD5 hash and go on trying to brute-force it, meanwhile keeping your passwords secure.

I personally use my own encryption algorithm for securing data, but that's just me.





Edited by on 10-05-06 22:10
Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 22:42
What I'm using for H2H right now is to MD5 the password, salt it, then MD5 it again. That's about as secure as I need it to be - anyone that cracks a password deserves to get into that account Pfft

Unless it's the US government...Grin


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-06 22:53
Lol, well I'll bet I could Wink If you know the algorithm, it's not hard to crack. I would keep it secret if I was you and perhaps periodically change the key.


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-06 07:16
Your encryption method has a horrible hole other than the whole "string size limit" crap.

If you encrypted one letter at a time then that means there are very few possible hashes. Let's assume all passwords are alphanumeric- that's 26 letters and 10 numerals, making 36 different possible hashes. Since md5 always makes a 32-character hash, you just have to split it into segments of 32 and say "if it looks like this, it's an A. if it looks like this, it's a B."

A computer program could crack your hash in a matter of seconds.


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-05-06 08:39
b1tw1s3 wrote:
Your encryption method has a horrible hole other than the whole "string size limit" crap.

If you encrypted one letter at a time then that means there are very few possible hashes. Let's assume all passwords are alphanumeric- that's 26 letters and 10 numerals, making 36 different possible hashes. Since md5 always makes a 32-character hash, you just have to split it into segments of 32 and say "if it looks like this, it's an A. if it looks like this, it's a B."

A computer program could crack your hash in a matter of seconds.


No it couldn't, MD5 can't be reversed like your thinking... Plus, if a hacker found the pass, he would prolly think its a regular MD5 like stated above. If the hacker did figure out the method used, he would need to program a brute force/dictionary attack program which md5'd each individual letter, put those into a string, md5'd that new string, and then compared it to the hash he is tryin to crack. It would take longer than a normal brute force since there would be (password length + 1) md5 encyrptions taking place for each check. Why not make your own algorithm to add up the characters into a single hash and then md5 encrypt this again. Making your own algorithm is probably the most secure way since the possibilities are endless, as long as no1 gets ahold of your key.


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-06 02:03
Oh XP The final hash is the hash of the conjoined hashes. I was thinking that his final hash was just the conjoined hashes. That's what I get for reading quickly and really early in the morning. Much apologies for the misunderstanding ^^;; But I don't think it would actually take that much longer to brute force it. Because if you think of it, there's a limitted number of possible hashes and therefore multiple different strings would render the same hash. While "b2f5ff47436671b6e533d8dc3614845dd95679752134a2d9eb61dbd7b91c4bcc8277e0910d750195b448797616e091ad" creates the desired hash (460d40de12f6e6b2428afc31555ca5e6), there's probably a 14-letter or less string that makes the exact same one. Sure it may end up being an odd password like "%4Hs*kZ", but it'd still generate the same hash and therefore solve our purposes.


Author

RE: idea about encrypting passwords..


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-05-06 02:09
Well, you all can do that I just use a really long password like

ethyl-s-2-diisopropylaminoethylmethylphosphonothiolate


Author

RE: idea about encrypting passwords..

bl4ckc4t
Member

Your avatar

Posts: 591
Location: /etc/
Joined: 07.03.06
Rank:
Wiseman
Posted on 22-05-06 03:00
Rebirth wrote:
well most sytems now uses Double MD5's or Salted Md5's. While not unbreakable these little things can be some MAJOR security help


Heh, do double dutch, Md5, theh SHA-1. Its DAMN hard to crack.

Bl4ckC4t


Page 1 of 2 1 2 >