Re: Password Cracking Challenge...
From: Vizzy (vizzy_at_freemail.hu)
Date: 07/29/03
- Previous message: Michael Wojcik: "RE: Password Cracking Challenge..."
- Maybe in reply to: Ronish Mehta: "Password Cracking Challenge..."
- Next in thread: Ronish Mehta: "Re: Password Cracking Challenge..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jul 2003 01:22:18 -0700 To: vuln-dev@securityfocus.com
Monday, July 28, 2003, 2:42:07 AM, you wrote:
RM> I'm not sure whether to send this to Security Basics
RM> or to Vulnerability Dev list, the moderator will
RM> surely tell me ;)
trying to make secure authorization, eh?
RM> If so, what would the hash for the password: Fir88x!t
RM> Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1
RM> Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5
i would think:
hash1 = f(first 8 chars),
hash2 = f(hash1 ^ (next 8 chars)),
...
but password guessing.. who needs that? and, moreover,
in wrong(rarely used) direction?
with that much of information (or even whether one
can try unlimited passwords/responses) you are safe unless your
cryptoz are known and tested against possible attack methods.
but just allow someone to look inside your software to determine
what algorythms used, and generation of those hashes from passwords
will be reproduced in a matter of seconds.
-- have phun, Vizzy
- Previous message: Michael Wojcik: "RE: Password Cracking Challenge..."
- Maybe in reply to: Ronish Mehta: "Password Cracking Challenge..."
- Next in thread: Ronish Mehta: "Re: Password Cracking Challenge..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
