(12-06-2015 - 10:31 PM) Nova Wrote:
This looks cool, but it logs your password on a program which is annoying.
(12-06-2015 - 11:18 PM) Verity Wrote:
As you see the passwords are just scrambled words and letters. So in no way will I get anyone's password.
(12-07-2015 - 08:11 PM) Murdock Wrote:
It's a bit late now, but you would be a lot more secure if you used a high GPU cost hashing algorithm like Bcrypt with extra rounds rather than using compression and ciphers.
(12-07-2015 - 08:13 PM) Nova Wrote:
Maybe he doesn't know how to do that and just created it with the knowledge he has.
(12-07-2015 - 08:59 PM) Murdock Wrote:
All the more reason for me to point it out and give him a push in the right direction for next time. The problem is most hashing functions lose a part of the original strings, making them irreversible. Meaning he can't update the existing passwords with a new algorithm unless he either... 1. extends from the old algorithm (i.e. wraps the current algorithm in say sha1().) or 2. resets all passwords with a new algorithm and lets the users change them after confirming their email access.
But this looks like a reversible cipher to me, which means it would be an encryption algorithm, not a hashing algorithm (encryption is 2 way [encrypt <-> decrypt] while hashing is a single way encrypt -> decrypt). If the creator could reply with an answer to whether he created this cipher compression algorithm himself, it would make things a lot easier for me to give ways to improve it.
It's a small program with around 5-10 members on it, it doesn't need to be perfect.
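Murdock's first option (extending from the old algorithm), sketched as an added example that is not part of the thread or the program's own code: each stored value is wrapped in a salted, slow hash so existing accounts keep working without a reset. `legacy_scramble` is a hypothetical stand-in for the program's undisclosed scheme, and the standard library's scrypt is used here in place of bcrypt.

```python
import hashlib
import hmac
import os
import zlib


def legacy_scramble(password: str) -> bytes:
    # Hypothetical stand-in for the existing reversible scheme
    # (compression plus a fixed-key XOR); the real one is not in the thread.
    data = zlib.compress(password.encode("utf-8"))
    return bytes(b ^ 0x5A for b in data)


def _slow_hash(data: bytes, salt: bytes) -> bytes:
    # scrypt (memory-hard, standard library) used in place of bcrypt.
    return hashlib.scrypt(data, salt=salt, n=2**14, r=8, p=1, dklen=32)


def wrap_legacy(stored: bytes) -> dict:
    # Wrap an already-stored legacy value; no plaintext password is needed.
    salt = os.urandom(16)  # per-user salt, so equal passwords differ
    return {"scheme": "scrypt(legacy)", "salt": salt,
            "hash": _slow_hash(stored, salt)}


def migrate(old_db: dict) -> dict:
    # One-off migration: the reversible legacy values are not kept.
    return {user: wrap_legacy(value) for user, value in old_db.items()}


def verify(password: str, record: dict) -> bool:
    # Login check: re-run the legacy transform, then the slow hash,
    # and compare in constant time.
    candidate = _slow_hash(legacy_scramble(password), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data, not taken from the program in the thread.
    old_db = {"alice": legacy_scramble("correct horse"),
              "bob": legacy_scramble("correct horse")}
    new_db = migrate(old_db)
    print(verify("correct horse", new_db["alice"]))  # matching password
    print(verify("wrong guess", new_db["alice"]))    # non-matching password
```

Once a user logs in successfully, the record can be replaced with a slow hash of the password alone, which retires the legacy transform over time.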