Unbreakable Password

Discussion in 'Programmer's Corner' started by TheFox, Jun 29, 2010.

  1. TheFox

    Thread Starter Active Member

    Apr 29, 2009
    66
    5
    My friend dared me to come up with a password that he could not crack. My trouble is, I have no idea how to go about making such a thing. I will be writing whatever it is in C++. No fancy GUI or anything. I just wanted to pick the brains of those who have had more experience in this area.
     
  2. CVMichael

    Senior Member

    Aug 3, 2007
    416
    17
    Any password can be cracked if you store it in plain text. LOL

    My point is, come up with a good long password, but you also have to store it (for checking) using a high encryption.

    Hashing is used for this purpose.
    For example go to this web-site http://pajhome.org.uk/crypt/md5/ and type your password in the "input" box, for example "testing", and click on "SHA-1" button. Then give him the hex output, in this case "dc724af18fbdd4e59189f5fe768a5f8311527050".

    Well, that was just an example, make up your own password, then pass it through the Hash.

    Give him the hash, and check once every few years to see if he's cracked it.

    [edit]
    The SHA1 in the previous link is 160 bits, this one is even better at 256 bits: http://www.movable-type.co.uk/scripts/sha256.html
     
    Last edited: Jun 29, 2010
  3. retched

    AAC Fanatic!

    Dec 5, 2009
    5,201
    312
    A hash is not ‘encryption’ – it cannot be decrypted back to the original text (it is a ‘one-way’ cryptographic function, and is a fixed size for any size of source text).
     
  4. CVMichael

    Senior Member

    Aug 3, 2007
    416
    17
  5. retched

    AAC Fanatic!

    Dec 5, 2009
    5,201
    312
    I was just wondering how this would have worked:
    I wouldn't give him anything at all. Just a password prompt. That way he has no idea to even look in the hashed direction, or what bit, or whatever.
     
  6. CVMichael

    Senior Member

    Aug 3, 2007
    416
    17
    If he wants to crack it, then it means he has to crack the encryption (in this case the hash), so he needs the hash to brute force to get back the password.

    [edit]
    By the way, if you do write a program to prompt for the password, then also add a 100 to 500 ms delay when a wrong password is entered. This way when a regular user mistypes the password then he won't notice the delay, but when a hacker tries to brute force hack, then it will slow down his script, and it will take much longer to crack it.
     
    Last edited: Jun 30, 2010
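
An added example, not part of the thread and not any poster's code: the unsalted SHA-1 from post 2 beside a salted, slow PBKDF2 check that applies the failed-attempt delay from post 6. It is in Python rather than C++ because hashlib ships these functions; the function names, iteration count and 0.3 s delay are assumptions.

```python
import hashlib
import hmac
import os
import time

# Constructed sample input: the password "testing" used in post 2.
SAMPLE_PASSWORD = "testing"

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: the same password always yields the same hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def make_record(password: str, iterations: int = 200_000) -> dict:
    """Hardened form: random per-password salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(record: dict, attempt: str, fail_delay: float = 0.3) -> bool:
    """Check an attempt and sleep on failure (assumed 0.3 s, within 100-500 ms)."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    # compare_digest takes the same time wherever the first mismatch is,
    # so response timing does not reveal how much of the digest matched.
    ok = hmac.compare_digest(candidate, record["digest"])
    if not ok:
        time.sleep(fail_delay)
    return ok

if __name__ == "__main__":
    print(sha1_hex(SAMPLE_PASSWORD))
    first = make_record(SAMPLE_PASSWORD)
    second = make_record(SAMPLE_PASSWORD)
    # Same password, different salts, so the stored digests differ.
    print(first["digest"] != second["digest"])
    print(verify(first, "testing"), verify(first, "Testing"))
```

The salt and iteration count are stored next to the digest; only the password itself is never stored.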
  7. TheFox

    Thread Starter Active Member

    Apr 29, 2009
    66
    5
    If only I knew VB, lol. Thanks much, I'll be trying to figure it out, for a little while.
     
  8. bertus

    Administrator

    Apr 5, 2008
    15,648
    2,347
  9. nsaspook

    AAC Fanatic!

    Aug 27, 2009
    2,908
    2,169
    Any human usable password system can be broken. The means to do this might not be totally legal in this country but has been very effective in the past. Bribes, sex traps, inside agents work when normal technical means don't. Stealing a wallet and copying everything in it and putting it back is a normal tactic to help with a brute force attack. You might be surprised how many people keep secret codes in a folded paper in a wallet.
    http://www.networkworld.com/news/2010/063010-russian-spy-ring.html?hpg1=bn

    Even when the system is secure there are other means.

    http://en.wikipedia.org/wiki/Side_channel_attack
     
    Last edited: Jun 30, 2010
  10. qbvbsite

    New Member

    Jun 29, 2010
    25
    0
    Store your password as an MD5 hash... this can only be broken using brute force.
     
  11. Papabravo

    Expert

    Feb 24, 2006
    10,144
    1,791
    Generally speaking the longer and more irregular the password is the more difficult it is to break by brute force methods. As a simple example in counting imagine filling in each of say a dozen slots with a letter from the Latin alphabet or a digit in the range of 0 to 9. Each slot can have one of 36 possible values. So a dozen slots would have 36 raised to the 12th power possible combinations.
    Code:
        36 ^ 12 = 4.738e18
    Now make any assumption that you care to make about how fast the combinations could be tried. Let's try 10 microseconds per combination.
    Code:
        10e-6 * 4.738e18 = 4.738e13 seconds
        4.738e13 seconds / 31.536e6 seconds/year = 1.5 million years
    Now just increase the number of slots in the password from 12 to 13 and see what kind of additional bang for the buck you get. HINT: it's quite a bit more than the age of the universe.
     
  12. nsaspook

    AAC Fanatic!

    Aug 27, 2009
    2,908
    2,169
  13. qbvbsite

    New Member

    Jun 29, 2010
    25
    0
    As a password MD5 is very secure... there is no way to decrypt it and you will only gain access via brute force through the login screen.
     
  14. retched

    AAC Fanatic!

    Dec 5, 2009
    5,201
    312

    That is not correct.
     
  15. sceadwian

    New Member

    Jun 1, 2009
    499
    37
    Which isn't that hard with modern processing power qbvbsite...
    It's easier to socially hack the passwords. Keyloggers are also still quite fashionable for this purpose.
    Security is an illusion =)
    If YOU can access the system someone else can, no matter what you try to do about it.
     
  16. nsaspook

    AAC Fanatic!

    Aug 27, 2009
    2,908
    2,169