Hosting Provided By

Re: Password Cracking Challenge...

From: Vizzy <vizzy(at)freemail.hu>
Date: Tue Jul 29 2003 - 04:22:18 EDT

Monday, July 28, 2003, 2:42:07 AM, you wrote:

RM> I'm not sure whether to send this to Security Basics
RM> or to Vulnerability Dev list, the moderator will
RM> surely tell me ;)

trying to make secure authorization, eh?

RM> If so, what would the hash for the password: Fir88x!t
RM> Password321 - D5FBB0C7C20D9CE74407A5B354A6D6F1
RM> Pa$$word321 - 8C4A8322764A87E62F90455FEA1F23B5

i would think:
hash1 = f(first 8 chars),
hash2 = f(hash1 ^ (next 8 chars)),
...

but password guessing.. who needs that? and, moreover, in wrong(rarely used) direction?

with that much of information (or even whether one can try unlimited passwords/responses) you are safe unless your cryptoz are known and tested against possible attack methods.

but just allow someone to look inside your software to determine what algorythms used, and generation of those hashes from passwords will be reproduced in a matter of seconds.

-- 
have phun,
 Vizzy

Received on Mon Jul 28 21:07:35 2003

This message: [ Message body ]
Next message: . npguy: "Re: Some help With BOF Exploits Writing."
Previous message: Michael Wojcik: "RE: Password Cracking Challenge..."
Maybe in reply to: Ronish Mehta: "Password Cracking Challenge..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT