![[Image: rNNka.gif]](http://imgyo.ga/rNNka.gif)
(12-06-2015 - 02:10 PM)Murdock Wrote: I can setup a server that uses I2P to fully encrypt everything. No logs will be stored on the server only on your local machine as tmp files. My own team uses it, let me know if interested.
Once This Happens And Its Updated I Will Use It! Lmk When It Is
Quote:"You cant fix stupid."
![[Image: fi1z8QY.jpg]](http://i.imgur.com/fi1z8QY.jpg)
(12-06-2015 - 11:18 PM)Verity Wrote:(12-06-2015 - 10:31 PM)Nova Wrote: This looks cool, but it logs your password on a program which is annoying.
As you see the passwords are just scrambled words and letters. So in no way will I get anyones password.
![[Image: 09f6da518787d31e840ce034f69d1ef6.png]](https://gyazo.com/09f6da518787d31e840ce034f69d1ef6.png)
It's a bit late now, but you would be alot more secure if you used a high gpu cost hashing algorithm like Bcrypt with extra rounds rather than using compression and ciphers.
[~]!# Official member of Trojan Security
"If you don't like it, try and hack me!"
Private databases for Sale (BTC only), PM for information
Coachella 2017 [EXTREMELY PRIVATE]
ESEA 2017 [EXTREMELY PRIVATE]
MajorLeagueGaming Forums 2016 [EXTREMELY PRIVATE]
MMO-Champion 2017 [EXTREMELY PRIVATE]
NextGenUpdate 2016 [EXTREMELY PRIVATE]
XDA-Developers 2016 [EXTREMELY PRIVATE]
Ps3Hax 2017 [PRIVATE]
(12-07-2015 - 08:11 PM)Murdock Wrote:(12-06-2015 - 11:18 PM)Verity Wrote:(12-06-2015 - 10:31 PM)Nova Wrote: This looks cool, but it logs your password on a program which is annoying.
As you see the passwords are just scrambled words and letters. So in no way will I get anyones password.
It's a bit late now, but you would be alot more secure if you used a high gpu cost hashing algorithm like Bcrypt with extra rounds rather than using compression and ciphers.
Maybe he doesn't know how to do that and just created it with the knowledge he has.
(12-07-2015 - 08:13 PM)Nova Wrote:(12-07-2015 - 08:11 PM)Murdock Wrote:(12-06-2015 - 11:18 PM)Verity Wrote:(12-06-2015 - 10:31 PM)Nova Wrote: This looks cool, but it logs your password on a program which is annoying.
As you see the passwords are just scrambled words and letters. So in no way will I get anyones password.
It's a bit late now, but you would be alot more secure if you used a high gpu cost hashing algorithm like Bcrypt with extra rounds rather than using compression and ciphers.
Maybe he doesn't know how to do that and just created it with the knowledge he has.
All the more reason for me to point it out and give him a push in the right direction for next time. The problem is most hashing functions lose a part of the original strings making them irreversible. Meaning he can't update the existing passwords with a new algorithm unless he either... 1. extends from the old algorithm (ie wraps the current algorithm in say sha1().) or 2. resets all passwords with a new algorithm and lets the users change them after confirming their email access.
But this looks like a reversible cipher to me, which means it would be an encryption algorithm, not a hashing algorithm (encryption is 2 way [encrypt <-> decrypt] while hashing is a single way encrypt -> decrypt). If the creator could reply with an answer to whether he created this cipher compression algorithm himself, it would make things alot easier for me to give ways to improve it.
Upon further inspection it looks like des(unix) in which the first 2 characters are the salt.
[~]!# Official member of Trojan Security
"If you don't like it, try and hack me!"
Private databases for Sale (BTC only), PM for information
Coachella 2017 [EXTREMELY PRIVATE]
ESEA 2017 [EXTREMELY PRIVATE]
MajorLeagueGaming Forums 2016 [EXTREMELY PRIVATE]
MMO-Champion 2017 [EXTREMELY PRIVATE]
NextGenUpdate 2016 [EXTREMELY PRIVATE]
XDA-Developers 2016 [EXTREMELY PRIVATE]
Ps3Hax 2017 [PRIVATE]
Users browsing: 14 Guest(s)