Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 30
Guests Online: 30
Members Online: 0

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Page 6 of 8 << < 3 4 5 6 7 8 >
Author

RE: Uncrackable encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 08-05-07 21:22
Why not post the full source in the code bank? It would be great to see an open-source-one-way-hash algo here on HBH, that actually works.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s

Edited by spyware on 08-05-07 21:22
http://bitsofspy.net
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-05-07 21:24
Just wanted some clarification, because

FaTaL_PrIdE also wrote:
However, the actual operations are very simple ones and reversing them is very easy. They are basic string/hex/mathematical operations ...



Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-05-07 21:26
spyware wrote:
Why not post the full source in the code bank? It would be great to see an open-source-one-way-hash algo here on HBH, that actually works.


lol. I will think about it.


[thinking]
...
[/thinking]

Ok. I decided to make just simple 6 functions one-way-hash for code bank that actually works. Just for people that wanna learn. Wink

I really don't wanna mess up my own encryption because I am having plans and I want it to be secret. B)

Digitalchameleon. I will PM you Smile


digitalchameleon wrote:
Just wanted some clarification, because

[quote]FaTaL_PrIdE also wrote:
However, the actual operations are very simple ones and reversing them is very easy. They are basic string/hex/mathematical operations ...


Edit:


FaTaL_PrIdE also said:
I agree it absolutely not reversible to the initial string, but its not beyond bruteforcing by any means.


He didn't say that you can reverse it to get password. He just said how math functions are simple Wink

Why you just can't believe?







Edited by on 08-05-07 21:51
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-05-07 22:08
It's nothing against you, but saying that something is uncrackable is quite an extraordinary claim. Extraordinary claims requires extraordinary evidence. (somebody said that)

Not all math functions are easy to reverse. For example, if I take two prime numbers, say 7 and 13, and multiply them using my calculator, I get 91 quite easily. But, for you to be given the number 91, and told to reverse the process (factor it into two prime numbers) it's a bit more difficult. You have to factor 91, then find out which of the factors are prime. Now imagine if, instead of 13 and 7, I used very very large prime numbers. Sure it gets hard for me, but it gets way harder for you to reverse it. This is just one example of a one way function. Here are some more. http://en.wikipedia.org/wiki/One-way_function

Cheers. I look forward to the message.


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 08:59
This thread is getting quite popular Smile

Proggie still on its way. I'll post the algo source code to if anyone wants it. Work is just hectic at the moment though and so I'm not getting anytime to finish it off (plus I have a family to look after when I get home).

I think people are under the impression that kaksii is claiming some revolutionary new hash. I don't think he is, he's just climing that this one is long and would take some time to bruteforce. The operations are just things like (psudo code):

for i = 1 to end of string {
result = result & (hex value of string[i] * 3)
}

Ok, most are more complex than than, but you get the idea.

A hash can be something as simple as adding up all the ascii values of the chars in a string. Its simple, but its a hash. There would be collisions, but its not directly reversible to the initial string.

I'm not sure if there are collisions in kaksii's. On the one hand the hash is not fixed length and seems quite unique to a string. On the other, some of the operations are simple and the resulting numbers small so small that its possible/likely that there would be clashes. I've not spent anytime analysing...... it takes long enough to reverse thousands of lines of compiled VB.
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 09:21
FaTaL_PrIdE wrote:
...
Proggie still on its way. I'll post the algo source code to if anyone wants it.
...

I would love to have some pseudo code to work with.
Grin


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 12:37
FaTaL_PrIdE wrote:

I think people are under the impression that kaksii is claiming some revolutionary new hash. I don't think he is, he's just climing that this one is long and would take some time to bruteforce. The operations are just things like (psudo code):

....

I'm not sure if there are collisions in kaksii's. On the one hand the hash is not fixed length and seems quite unique to a string. On the other, some of the operations are simple and the resulting numbers small so small that its possible/likely that there would be clashes. I've not spent anytime analysing...... it takes long enough to reverse thousands of lines of compiled VB.



I am really not claiming some revolutionary hash.
It seems that only Fatal_Pride understands what I am trying to say.
I am just trying to make some more secure hash since md5 and sha1 are cracked. (It won't be that much popular lol)
But if you have some webiste and you wanna little better security and something different, new (unknown) kind of hash (that is not md or sha) would be great for security because it would be still not explored.

You mentioned clashes.
hmm... I am really not sure that there are errors in the algorithm.
(I might be wrong.)
But as you can see in the source code, I didn't put 'On error resume next', so there are no mismatch errors that are skipped.
Maybe I should write for example some password on paper 'pass123'
and do the algorithm manually. (I don't have that much time. It would take some time), but I will. And if I see any mistake in the code, I will fix it. It is still not final version. But still, I don't think that there are any clashes :ninja:





Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 14:52
can u pm me 2 with the VB code? tnx




Edited by on 09-05-07 14:52
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 14:57
Diassemble the exe... its all there Smile
Author

RE: Uncrackable encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 09-05-07 15:00
digitalchameleon wrote:
It's nothing against you, but saying that something is uncrackable is quite an extraordinary claim. Extraordinary claims requires extraordinary evidence. (somebody said that)


-Carl Sagan

And the open source thingy. How can you mess up your encryption if it's uncrackable. The source code of MD5 for example is known too. I don't see how this compromises the security of your algorithem.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 15:02
spyware wrote:
And the open source thingy. How can you mess up your encryption if it's uncrackable. The source code of MD5 for example is known too. I don't see how this compromises the security of your algorithem.


Because I don't like bruteforcing.

*Cheers to Fatal_Pride*


Author

RE: Uncrackable encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 09-05-07 15:03
LOL! You can't stop bruteforcing anyway. Bruteforcing is ALWAYS possible, you only can make it take so long (I'm talking millions of years) that it's useless.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 15:03
spyware wrote:
I don't see how this compromises the security of your algorithem.


It doesn't. But I think he is working on the idea that if he implements it in his site, it's even more secure if no-one knows the algorithm.

I agree that if we were to rip it to shreds and do a full analysis, posting the source is the way forward. As he's only going to use it himself, it seems perfectly sensible to keep the source private.
Author

RE: Uncrackable encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 09-05-07 15:04
Yeh, didn't knew he was using it for private use. In what language is the script currently written anyway?

[EDIT]
Just read back.
It's not a weblanguage? Will you port the whole code to PHP or something? How are you going to use it in combination with your website in it's current form?
[/EDIT]



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s

Edited by spyware on 09-05-07 15:06
http://bitsofspy.net
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 15:11
Well, I did it in gay vb.
(Do not flame. I know the whole story)

Look. I don't think this encryption will become popular,
so I don't think I will post the code.

And, the bruteforcing will be tougher on my site because I have some plan.
If I type wrong password for some user, then next try will be vith CAPTCHA verification. As long the password is wrong, captcha will be there. Once he types the correct password, captcha is removed. And if he fails 10 times again, then the captcha appears again.

What do you think about this?

[]edit: Yes, it will be translated. Well, I'll found some way to implement it in my site and it will be same like every other site just with my encryption. (no md5 or sha1)





Edited by on 09-05-07 15:13
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 16:48
Ok... I've finished everything... just got to find a bug. For some reason it generates some strings correctly, but not others.

Pain in the arse.
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 18:19
Gotta say, since I've seen the source I've become more convinced of this systems security. Collisions seem likely, but reversing it, I don't know. Not all functions are simple math, and there are operations here that I don't know how to reverse.

Nothing is uncrackable, and nothing ever will be. But if I was an attacker, who managed to access kaksii site, password file and his source, the custom encryption would definately slow me down and frustrate me. I'd probably just move on looking for something easier.

Joke: Two birdwatchers are in the jungle. The couch potato asks the athlete: What will you do if we encounter a tiger? The athlete answers: Run away as fast as I can. The couch potato replies: But you can't outrun a tiger! to which the athlete responds: I don't have to outrun the tiger, I only have to outrun you!

You don't have to be the most secure site ever. Just more secure than equally tempting targets.

If you really want some security, use your hash to produce an output, and then feed the output through a well known hash, like sha256.
An attacker wouldn't be able to use wordlists to attack the sha256, since there are no words in your program's output. And even if he did a brute force attack against sha256 (which is insane) he'd still have to brute force your hash too.

The sheer chaos of this code is frightening. Still, there are some really neat idea's in here, and I must confess, I'm impressed.

Keep up the good work kaksii. I'd try testing this hash for collisions next. I assume you're limiting password length to a reasonable number. That should eliminate many collisions.




Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 21:06
digitalchameleon wrote:
Gotta say, since I've seen the source I've become more convinced of this systems security. Collisions seem likely, but reversing it, I don't know. Not all functions are simple math, and there are operations here that I don't know how to reverse.

***

If you really want some security, use your hash to produce an output, and then feed the output through a well known hash, like sha256.
An attacker wouldn't be able to use wordlists to attack the sha256, since there are no words in your program's output. And even if he did a brute force attack against sha256 (which is insane) he'd still have to brute force your hash too.

***

The sheer chaos of this code is frightening. Still, there are some really neat idea's in here, and I must confess, I'm impressed.

***

Keep up the good work kaksii. I'd try testing this hash for collisions next. I assume you're limiting password length to a reasonable number. That should eliminate many collisions.


***
I am really not sure about collisions.
I really don't think I will find any hashes that are same.
I might be wrong, but chance I will get same hashed for different password is 1:(I think big number).

***
sha256...
I really wanna make my own encryption without stealing any already invented form of encryption.
Yes, I think it would be insane encryption if I mix it.
But, insane encryption is also md5 password encrypted with sha1.

***
'The sheer chaos of this code is frightening'
hmm. I don't know what are you trying to say.

***
Yes, there will be password limit. 6-20. I think that is fine. it can be even 6-30.

What do you think?




Edited by on 09-05-07 21:07
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 21:08
what is the point in a one way encryption


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 21:10
djdotti wrote:
what is the point in a one way encryption



Read digitalchameleon's article


Page 6 of 8 << < 3 4 5 6 7 8 >