Unbreakable Password

Thread Starter

TheFox

Joined Apr 29, 2009
66
My friend dared me to come up with a password that he could not crack. My trouble is, I have no idea how to go about making such a thing. I will be writing whatever it is in C++. No fancy GUI, or anything. I just wanted to pick the brains of those who have had more experience in this area.
 

CVMichael

Joined Aug 3, 2007
419
Any password can be cracked if you store it in plain text. LOL

My point is, come up with a good long password, but you also have to store it (for checking) using a high encryption.

Hashing is used for this purpose.
For example go to this web-site http://pajhome.org.uk/crypt/md5/ and type your password in the "input" box, for example "testing", and click on "SHA-1" button. Then give him the hex output, in this case "dc724af18fbdd4e59189f5fe768a5f8311527050".

Well, that was just an example, make up your own password, then pass it through the Hash.

Give him the hash, and check once every few years to see if he's cracked it.

[edit]
The SHA1 in the previous link is 160 bits, this one is even better at 256 bits: http://www.movable-type.co.uk/scripts/sha256.html
 

retched

Joined Dec 5, 2009
5,207
A hash is not ‘encryption’ – it cannot be decrypted back to the original text (it is a ‘one-way’ cryptographic function, and is a fixed size for any size of source text).
 

retched

Joined Dec 5, 2009
5,207
I was just wondering how this would have worked:
"Give him the hash, and check once every few years to see if he's cracked it."
I wouldn't give him anything at all. Just a password prompt. That way he has no idea to even look in the hashed direction, or what bit, or whatever.
 

CVMichael

Joined Aug 3, 2007
419
If he wants to crack it, then it means he has to crack the encryption (in this case the hash), so he needs the hash to brute force to get back the password.

[edit]
By the way, if you do write a program to prompt for the password, then also add a 100 to 500 ms delay when a wrong password is entered. This way, when a regular user mistypes the password he won't notice the delay, but when a hacker tries to brute-force it, the delay will slow down his script, and it will take much longer to crack.
 
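The prompt-side check discussed in the posts above, as an added example that is not code from any poster in this thread: it keeps only the SHA-1 digest quoted earlier for "testing", compares digests without stopping at the first mismatch, and sleeps on a wrong guess. The names `sha1_hex`, `check_password` and `STORED`, and the 100 ms default, are assumptions chosen for illustration.

```cpp
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <string>
#include <thread>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

// SHA-1 (FIPS 180-4) of msg as lowercase hex, the digest type used in the thread.
std::string sha1_hex(const std::string& msg) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    std::string m = msg + '\x80';                       // padding: a 1 bit, then zeros
    while (m.size() % 64 != 56) m += '\0';
    uint64_t bits = static_cast<uint64_t>(msg.size()) * 8;
    for (int i = 7; i >= 0; --i) m += static_cast<char>(bits >> (8 * i));  // 64-bit length
    for (size_t off = 0; off < m.size(); off += 64) {   // one 512-bit block per pass
        uint32_t w[80] = {0};
        for (int i = 0; i < 64; ++i) w[i / 4] = (w[i / 4] << 8) | static_cast<uint8_t>(m[off + i]);
        for (int i = 16; i < 80; ++i) w[i] = rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; ++i) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    char out[41];
    std::snprintf(out, sizeof out, "%08x%08x%08x%08x%08x", h[0], h[1], h[2], h[3], h[4]);
    return out;
}

// Only the digest is stored, never the password. This is the value quoted in the
// thread for "testing"; the variable name is an assumption of this example.
const std::string STORED = "dc724af18fbdd4e59189f5fe768a5f8311527050";

// Hash the attempt, compare every character (no early exit), delay on failure.
bool check_password(const std::string& attempt, int delay_ms = 100) {
    std::string d = sha1_hex(attempt);
    unsigned diff = 0;
    for (size_t i = 0; i < STORED.size(); ++i) diff |= static_cast<unsigned char>(d[i] ^ STORED[i]);
    if (diff != 0) std::this_thread::sleep_for(std::chrono::milliseconds(delay_ms));
    return diff == 0;
}

int main() { std::printf("%d %d\n", check_password("testing"), check_password("Testing")); }
```

The single unsalted SHA-1 is kept only because it is the digest this thread uses; a deployed checker would store a per-user salt and use a deliberately slow password hash such as PBKDF2, bcrypt or Argon2.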

nsaspook

Joined Aug 27, 2009
13,307
Any human usable password system can be broken. The means to do this might not be totally legal in this country but has been very effective in the past. Bribes, sex traps, inside agents work when normal technical means don't. Stealing a wallet and copying everything in it and putting it back is a normal tactic to help with a brute force attack. You might be surprised how many people keep secret codes in a folded paper in a wallet.
http://www.networkworld.com/news/2010/063010-russian-spy-ring.html?hpg1=bn

Even when the system is secure there are other means.

http://en.wikipedia.org/wiki/Side_channel_attack
 

Papabravo

Joined Feb 24, 2006
21,226
Generally speaking the longer and more irregular the password is the more difficult it is to break by brute force methods. As a simple example in counting imagine filling in each of say a dozen slots with a letter from the Latin alphabet or a digit in the range of 0 to 9. Each slot can have one of 36 possible values. So a dozen slots would have 36 raised to the 12th power possible combinations.
36 ^ 12 = 4.738e18
Now make any assumption that you care to make about how fast the combinations could be tried. Let's try 10 microseconds per combination.
10e-6 * 4.738e18 = 4.738e13 seconds
4.738e13 seconds / 31.536e6 seconds/year = 1.5 million years
Now just increase the number of slots in the password from 12 to 13 and see what kind of additional bang for the buck you get. HINT: it's quite a bit more than the age of the universe.
 

qbvbsite

Joined Jun 29, 2010
25
As a password MD5 is very secure... there is no way to decrypt it and you will only gain access via brute force through the login screen.
 

sceadwian

Joined Jun 1, 2009
499
Which isn't that hard with modern processing power qbvbsite...
It's easier to socially hack the passwords. Keyloggers are also still quite fashionable for this purpose.
Security is an illusion =)
If YOU can access the system someone else can, no matter what you try to do about it.
 