in reply to Re: gettin back crypted password
in thread gettin back crypted password
Nefarious people don't nessarily have to brute force the actual password - they just need to find a hashing collision. i.e. if password "foo" and "bar" both hash to "abc", then they are identical as far as the password check goes. This may not seem like much of a distinction (especially as the hash is often longer, and the input salted), but it means if the hash algorithm is weak, then it can be exploited. I believe there has been some preliminary weakness in SHA (some researchers suggest that it could be cracked in, say, 75 years rather than 100 years), but overall they appear strong.
And if you allow passwords of length less than 1..
sub decrypt { my $crypted = shift; my $str = ""; foreach my $s1 (0 .. 255) { my $str = $str . chr $s1; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s2 (0 .. 255) { my $str = $str . chr $s2; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s3 (0 .. 255) { my $str = $str . chr $3; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s4 (0 .. 255) { my $str = $str . chr $4; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s5 (0 .. 255) { my $str = $str . chr $5; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s6 (0 .. 255) { my $str = $str . chr $6; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s7 (0 .. 255) { my $str = $str . chr $7; if ($cryped eq crypt($str, $crypted)) { return $str } foreach my $s8 (0 .. 255) { my $str = $str . $chr $8; if ($cryped eq crypt($str, $crypted)) { return $str } } } } } } } } } }
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re^3: gettin back crypted password
by Anonymous Monk on Mar 09, 2005 at 09:39 UTC | |
by spongeboy (Novice) on Mar 10, 2005 at 04:31 UTC |