Re: who wants a crack at this
From: CryptWolf (RWilliams01_at_no.spam.sceinet.com)
Date: 06/27/03
- Next message: Mok-Kong Shen: "Re: Release 1.1 (beta) of my AES implementation"
- Previous message: unknown: "Re: A Simple(?) Integrity-Aware Encryption Mode"
- In reply to: Jeff Mott: "who wants a crack at this"
- Next in thread: Danilo Gligoroski: "Re: who wants a crack at this"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Jun 2003 23:06:42 GMT
Jeff Mott <mjeff1@twcny.rr.com> wrote in message
news:970676ed.0306251937.5f3e169d@posting.google.com...
> The following is a rudimentary hashing algorithm written in
> JavaScript. I'm attempting to demonstrate to someone else that it is
> not secure. However, I'm personally not well experienced in
> cryptography enough to crack it without far more thought than what
> should be needed, but I can at least tell that real cryptographers
> should be able to reverse engineer it easily.
>
> Given an unknown password (pw) and a known multiple (mult), makehash
> will output a number. So, given a hashed number and mult I need to be
> able to calculate pw.
>
> var alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI";
>
> function makehash(pw, mult)
> {
>     pw = pw.toUpperCase();
>     var hash = 0;
>     for (var i = 0; i < 8; ++i)
>     {
>         // read from the pw parameter (the post had the undefined name "pass")
>         var letter = pw.substr(i, 1);
>         var c = alpha.indexOf(letter) + 1;
>         hash = hash * mult + c;
>     }
>     return hash;
> }

This is probably an early version of the Login 4.2 script.
Login 4.2 is an extended version of the above with the addition of lower case
and numbers to the alpha string.

The short answer is I have a program that will break Login 4.2 in about
30-60 seconds depending on the search string length. This version
can probably be broken in half that time.

The long answer is the hash is reversible and you end up with
a tree search. At the top level, you can find all the initial branches
which are possible last letters in the password. Working deeper
into the tree you end up with sub branches and possible 2nd to last
letters in the search and you can continue this until all branches
are searched. My program calls a reversing function recursively
to keep track of all the branches. Note that all valid branches will
have only positive integers as results and it is easy to check this.

The average 8-10 letter password will produce up to a few million entries
if I did the rough estimates right. This smaller character set version
will likely be somewhat smaller. Cracking time will be in the 10-30
second range. Comparing with a good sized dictionary might result
in double or triple that time, depending on how it is done, but still not
very long.

If this is the same system as Login 4.2, you'll be able to use any
reverse hash for the User ID. The password is hashed and checked
with the hashed password and then hashed again using a different
multiplier as a Vigenere type key to decrypt the link. In the Login 4.2 crack,
dictionary searches were avoided by decrypting the links and searching for
normal letter sequences such as ".com" or ".htm".

CryptWolf
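
The tree search described in the reply, written out for the quoted `makehash` as an added example (it is not CryptWolf's program and not code from the thread). The helper `preimages`, its `limit` parameter and the sample password are assumptions made for illustration, and only the letters A-Z are searched.

```javascript
const alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI"; // string from the quoted post
const LEN = 8;                                        // makehash reads 8 positions

// The quoted hash, reading from the pw parameter.
function makehash(pw, mult) {
  pw = pw.toUpperCase();
  let hash = 0;
  for (let i = 0; i < LEN; ++i) {
    const c = alpha.indexOf(pw.substr(i, 1)) + 1;
    hash = hash * mult + c;
  }
  return hash;
}

// Hypothetical helper: list letter-only inputs that produce `hash`.
// Assumes mult >= 1 and values below Number.MAX_SAFE_INTEGER.
function preimages(hash, mult, limit = 1000) {
  const found = [];
  // span[k] = mult^(k-1) + ... + mult + 1, so k letters can only encode
  // values between span[k] (all 'A') and 26 * span[k] (all 'Z').
  const span = [0];
  for (let k = 1; k <= LEN; ++k) span.push(span[k - 1] * mult + 1);

  function walk(rest, left, suffix) {
    if (found.length >= limit) return;
    if (left === 0) { if (rest === 0) found.push(suffix); return; }
    if (rest < span[left] || rest > 26 * span[left]) return; // dead branch
    // Undo one round of hash = hash * mult + c: c is a valid last letter
    // only if (rest - c) is a non-negative multiple of mult.
    for (let c = 1; c <= 26 && c <= rest; ++c) {
      if ((rest - c) % mult === 0) {
        walk((rest - c) / mult, left - 1, alpha[c - 1] + suffix);
      }
    }
  }
  walk(hash, LEN, "");
  return found;
}

// Constructed sample input: one password, two multipliers.
console.log(preimages(makehash("PASSWORD", 31), 31));
console.log(preimages(makehash("PASSWORD", 3), 3, 5));
```

With a multiplier above 26 each step has exactly one valid letter, so the input is recovered outright. With a small multiplier many different passwords share one hash value and every one of them passes the check.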