topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday October 7, 2024, 10:00 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Password Cracking Made Easy Thanks to the GPU  (Read 22113 times)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Password Cracking Made Easy Thanks to the GPU
« Reply #25 on: October 27, 2007, 06:26 PM »
In the password/security context, hash means "one way cryptographic algorithm" :)

Dunno if it's a false sense of security, hashes do make it pwetty damn hard retrieve your password, unless the attacker can use rainbow tables - but those are at least partially thwarted if you use some salt with your hash (unless the attacker generates mindbogglingly large rainbow tables).
- carpe noctem

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Password Cracking Made Easy Thanks to the GPU
« Reply #26 on: October 27, 2007, 06:38 PM »
Yes, I know that, but "one way cryptographic algorithm" has more oomph :P

vixay

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 140
  • ViXaY
    • View Profile
    • Donate to Member
Re: Password Cracking Made Easy Thanks to the GPU
« Reply #27 on: November 05, 2007, 04:42 AM »
I did not know what a rainbow table was. Now i do.
you learn something new everyday!
Here's a link for the inquisitive!

http://en.wikipedia....g/wiki/Rainbow_table

f0dder though seems like you've had experience in this. How would you use a hash to bypass a password? That was implied in one of the earlier posts, that having the hash is as good as having the password.
"Drunk on the Nectar of Life!" -me

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Password Cracking Made Easy Thanks to the GPU
« Reply #28 on: November 05, 2007, 08:25 AM »
f0dder though seems like you've had experience in this. How would you use a hash to bypass a password? That was implied in one of the earlier posts, that having the hash is as good as having the password.
It depends on how it's utilized. But consider a solution where you enter your passphrase, but instead of sending the passphrase to the server for validation, a hash of the passphrase is sent. This could be done "for security", to avoid having your passphrase being transmitted, and thus be snoopable. With that method, you can still snoop the hash though...

Another method is to send a hash of (session-unique-data + passphrase), which APOP/CRAM-MD5 does, that's pretty nice and means people will never see your passphrase, you cannot simply use the hash, etc... but it also means the passphrase has to be stored plain-text (or encrypted but with auto-decrypt which is essentially the same level of security as plaintext) serverside.
- carpe noctem