 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 607
 Members: 0
 Total: 607
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
defeating crypt() funtions |
|
 Posted: Mon Apr 11, 2005 8:48 am |
 |
|
| y3dips |
| Valuable expert |
 |
| |
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
 |
|
 |
|
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Tue Apr 12, 2005 8:46 am |
|
|
| shai-tan |
| Valuable expert |
 |
| |
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
| How about we all start trying to Brute force Blow Fish salts lol or better yet WPA or maybe we could just try SSL Certs wouldnt it be fun!!!! We could waste our whole life and about 5 generations after and still not crack them till they find out how to truly break them lol. |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
Re: defeating crypt() funtions |
|
| Posted: Tue Apr 12, 2005 12:17 pm |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
What do you mean by "defeat"? If Crypy() function will make oneway hashes, then as always there are possibilities to attack by wordlist and just bruteforce. And because Crypt() function by default uses 56bit DES, then i dont think, that it's very secure hashing  |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 12, 2005 3:08 pm |
|
|
| y3dips |
| Valuable expert |
|
| |
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
 thats why i use "defeating" not "breaking"
coz i dont want to use some brute forcing  ( .. it spend more time, even using some word list,
i know its hard to reverse it back.
here the story ,
i found some CMS using this to encrypt the password ,n i found the hole n could get the crypted password, now i just try to known the plain password. i try to use reverse technique , but it useless coz the function get to variable and output one variable (in hash)
for example
| Code: |
$passwd = $user.$pass;
$hashed = crypt($passwd);
|
but what i get was the "hashed"
btw thanks all ; maybe i should release it (advisories) without the way breaking the password  |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
|
|
|
| Posted: Tue Apr 12, 2005 3:46 pm |
|
|
| erg0t |
| Valuable expert |
|
| |
| Joined: Apr 08, 2005 |
| Posts: 55 |
| Location: Uruguay |
|
|
|
|
|
|
The metods to encrypt passwords aren?t the same as used to encrypt data. As waraxe says, the encryption is one way, is more like a cheksum. You can?t go back.
The only solution is brute force.
I think the best solution to "defeat" this kind of encription algoritms is to try to create the most optimized version of the algoritm to win procesing time when bruteforcing. In some cases you can use something like rainbow tables but, in others (when the hash depends of the user name and other parameters too) you need bruteforce. |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 12, 2005 3:59 pm |
|
|
| y3dips |
| Valuable expert |
|
| |
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
im agree with you (erg0t) also with waraxe, im just curios about it.
i know it was one way hash n no way to roll it back , so we could do some brute forcing also im agree with finding best algorithm to speed up the brute time .
but i just want to know if there is one of u find the same problem, n ive just wondering if the vendor has use the wrong method in authenticate (for example : send the crypted password as a variable to be matched with passwd in database/file )
btw , thanks for all the responses |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Wed Apr 13, 2005 3:45 am |
|
|
| shai-tan |
| Valuable expert |
|
| |
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
wow so my post was quite relevant.....  Still up for some salted SSL certs?  |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
