Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

DarkBASIC Professional Discussion / Super security for all passwords and data

Author
Message
SH4773R
16
Years of Service
User Offline
Joined: 18th Jan 2010
Location: AMERICA!!!
Posted: 24th Jan 2011 04:20 Edited at: 24th Jan 2011 04:26
So I had an idea, double hashing. A single hash is plenty of security right? Wrong. Many common hash types can be cracked fairly easily using software such as Ophcrack (http://ophcrack.sourceforge.net/). I have used Ophcrack a few times to find lost passwords and such, it can crack all LM and NT hashes given the correct tables in a surprising amount of time. I cracked a 8 digit NT (Vista and windows 7 hash type) alpha-numerical in around 5 minutes.

So now my idea in detail, Programs like Ophcrack and like programs use tables to crack hashes(http://en.wikipedia.org/wiki/Rainbow_table)
by hashing a password twice a table using program will be unable to crack you hash. My method also protects ageist bruteforce attacks.



Shure my method is slow but whats more valuable paying costumers or speed?

Here is a sample program that double whirlpool hashes a string and displays if the data has been corrupted, it requires Matrix1 plug-in 27



A .exe is also attached below.

And please post any thoughts you have below cc is all ways welcome
Indicium
18
Years of Service
User Offline
Joined: 26th May 2008
Location:
Posted: 24th Jan 2011 19:12
Pointless IMO, as far as I'm aware, sha512 produces a 128 character long string that is mathematically irreversible.

IanM
Retired Moderator
23
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 24th Jan 2011 20:45
That's fine for small numbers of password checks, and in fact, some systems rehash the same value many times over.

One thing I'd advise you to do though, is to make your user passwords longer by adding a randomly generated 'salt' and storing that alongside the hash, and also encouraging them to use phrases instead of passwords.

Also, don't worry about the speed of the hash algorithm you use - the faster it is, the less secure it is with regard to dictionary attacks. That's because if it's fast for you, it's fast for your attacker too and that's the last thing you need. Your hashing routine should be fast enough only to not annoy your users, and no faster (that's assuming an efficient implementation of the hash - if it's slow because the code is badly written, get another version).

Login to post a reply

Server time is: 2026-07-17 23:54:23
Your offset time is: 2026-07-17 23:54:23