Vulnerability Development mailing list archives

Re: Password Cracking Challenge...

From: Vizzy <vizzy () freemail hu>
Date: Tue, 29 Jul 2003 01:22:18 -0700


Monday, July 28, 2003, 2:42:07 AM, you wrote:

RM> I'm not sure whether to send this to Security Basics
RM> or to Vulnerability Dev list, the moderator will
RM> surely tell me ;)
trying to make secure authorization, eh?

RM> If so, what would the hash for the password: Fir88x!t
RM> Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1
RM> Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5
i would think:
hash1 = f(first 8 chars),
hash2 = f(hash1 ^ (next 8 chars)),
...

but password guessing.. who needs that? and, moreover,
in wrong(rarely used) direction?

with that much of information (or even whether one
can try unlimited passwords/responses) you are safe unless your
cryptoz are known and tested against possible attack methods.

but just allow someone to look inside your software to determine
what algorythms used, and generation of those hashes from passwords
will be reproduced in a matter of seconds.


-- 
have phun,
 Vizzy

Current thread:

Password Cracking Challenge... Ronish Mehta (Jul 28)
- RE: Password Cracking Challenge... David Schwartz (Jul 28)
- <Possible follow-ups>
- Re: Password Cracking Challenge... Justin Pryzby (Jul 28)
  - Re: Password Cracking Challenge... David Riley (Jul 28)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 28)
- Re: Password Cracking Challenge... Vizzy (Jul 28)
- Re: Password Cracking Challenge... Ronish Mehta (Jul 31)
- RE: Password Cracking Challenge... Michael Wojcik (Jul 31)