1
Debikul
Password Decrypt
  • 2004/12/28 3:31

  • Debikul

  • Just popping in

  • Posts: 14

  • Since: 2004/12/18


(Found It)

Now a new question...how do you decrypt the password stored in the database?

2
jdseymour
Re: Password Decrypt

Sorry for asking, but why would you need to?

I do not think that it would be auto decrypted, since it would cause security concerns.

3
Debikul
Re: Password Decrypt
  • 2004/12/28 4:34

  • Debikul

  • Just popping in

  • Posts: 14

  • Since: 2004/12/18


I'm basicly testing out my site and if it can be hacked. I do know that the password output is encrypted with md5, which is one way. But I have noticed that if you have a generator and use the same password such as "password" the output of the encryption stays the same and doesn't change variables. So, If someone was using something like brute force with the md5 encryter, with a catcher to record the input and output of every character and combination it would be possible to crack (if you even consider it that) the md5 encryption.

I basicly answered my own question. But then I realized that it would require access to the databases, so there are several layers of protection before I could even access the md5 output.

Wheew...this is a little confusing.

Wonder if Symantec would give me money if I actually firgured out a way to crack the encryption?

Lol....yeah right.

4
jdseymour
Re: Password Decrypt

Yes you did answer your own question. This is why the importance of secure passwords. Although the encryption is possible to be broken, making the passwords secure enough could cause an attacker to spend months breaking it (if not years with heavy encryption.

And yes getting access to the database is another password protected layer of defense. The most vulnerable parts of the equation is the users and possible trojan (keylogger) infestation.

Sorry getting offtopic but this is my area of interest, Security-computer/network.

5
smdcom
Re: Password Decrypt

Correction regarding MD5's security:

A method of producing collisions in MD5 and related algorithms has been discovered that is more efficient than brute-force. What this means is that an attacker can produce two strings that hash to the same result in a "reasonable" amount of time.

This does NOT mean that an attacker can a) decrypt an MD5 hash or b) find another string that will MD5 to the same value. So MD5 protected passwords cannot be attacked by this method.

Note that all hashes have collisions in them-- reducing an infinite set of inputs to a finite set of outputs must have duplicates.

For all of those who still ignore it, SHA-0, MD5 and HAVAL-128 hashing algorithms are broken.

For more information, please visit :
http://www.cryptography.com/cnews/hash.html

6
jdseymour
Re: Password Decrypt

And this is the reason that companies in the future will not use passwords alone. In the near future (and some now) it will be a pin number and security token to access secure data, or biometrics.

Login

Who's Online

328 user(s) are online (294 user(s) are browsing Support Forums)


Members: 0


Guests: 328


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits