Vulnerability Development mailing list archives
Re: Password Cracking Challenge...
From: Vizzy <vizzy () freemail hu>
Date: Tue, 29 Jul 2003 01:22:18 -0700
Monday, July 28, 2003, 2:42:07 AM, you wrote: RM> I'm not sure whether to send this to Security Basics RM> or to Vulnerability Dev list, the moderator will RM> surely tell me ;) trying to make secure authorization, eh? RM> If so, what would the hash for the password: Fir88x!t RM> Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1 RM> Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5 i would think: hash1 = f(first 8 chars), hash2 = f(hash1 ^ (next 8 chars)), ... but password guessing.. who needs that? and, moreover, in wrong(rarely used) direction? with that much of information (or even whether one can try unlimited passwords/responses) you are safe unless your cryptoz are known and tested against possible attack methods. but just allow someone to look inside your software to determine what algorythms used, and generation of those hashes from passwords will be reproduced in a matter of seconds. -- have phun, Vizzy
Current thread:
- Password Cracking Challenge... Ronish Mehta (Jul 28)
- RE: Password Cracking Challenge... David Schwartz (Jul 28)
- <Possible follow-ups>
- Re: Password Cracking Challenge... Justin Pryzby (Jul 28)
- Re: Password Cracking Challenge... David Riley (Jul 28)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 28)
- Re: Password Cracking Challenge... Vizzy (Jul 28)
- Re: Password Cracking Challenge... Ronish Mehta (Jul 31)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 31)