Whirlpool being cracked.
#21

There are tutorials on salting and running an encryption multiple times - go read them.
#22

You have to take practicality into it. Sure it can be cracked in theory, but strong encryptions can take hundreds of years to crack, at least with current technology.
#23

Thanks for the replies guys, I'm looking into salting them now.
#24

Salt added. Thanks guys.
#25

Wow, thanks for the heads up. I've got a bunch of scripts not using salt, never mind Whirlpool.
#26

And this is why I'm constantly telling people NOT to write their own user systems - getting them right is hard and vitally important. Any other system you can bodge together with bugs, user systems you have to really know what you're on about (and I don't claim to be - I've had to update y_users multiple times with more security).
#27

Has anyone here actually mentioned multiple rounds yet? Many hash systems now work by taking a password, salting it, encrypting it, then hashing the hash several THOUSAND times (with salts at different stages for good measure). This is so that the hash takes a noticeable amount of time to complete, thus making a brute-force crack intractable (it would take longer than any reasonable time available). If your hash system takes half a second and the user got the right password that's fine, but if you're trying to crack the password and have to run 1,000,000,000 attempts, that's nearly 16 years!

Also, how many people here blank the memory the plain-text password was stored in?
#28

How do I salt my Whirlpool passwords? Can anyone help me with that?
#29

Quote:
Originally Posted by KiNG3
How do I salt my Whirlpool passwords? Can anyone help me with that?
Sure:

Quote:
Originally Posted by Y_Less
And this is why I'm constantly telling people NOT to write their own user systems - getting them right is hard and vitally important. Any other system you can bodge together with bugs, user systems you have to really know what you're on about (and I don't claim to be - I've had to update y_users multiple times with more security).
#30

That doesn't exactly explain to me HOW to salt the passwords.
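
An added example for the question above, not code from any poster in this thread and not y_users code: a fresh random salt per user combined with the many-rounds approach described in post #27. It assumes Python and swaps in PBKDF2-HMAC-SHA512 for Whirlpool, since Python's standard library does not guarantee a Whirlpool implementation; the `iterations$salt$hash` storage format, the function names and the iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "sha512"   # assumption: stand-in for Whirlpool
ITERATIONS = 200_000   # assumption: raise until one hash takes a noticeable time
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex' to store next to the user name."""
    salt = secrets.token_bytes(SALT_BYTES)  # new random salt for every user
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and round count; compare in constant time."""
    try:
        iter_text, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record was made with fewer rounds than the current setting."""
    return int(stored.split("$", 1)[0]) < ITERATIONS


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    first = hash_password("correct horse")
    second = hash_password("correct horse")
    print("same password, different records:", first != second)
    print("right password accepted:", verify_password("correct horse", first))
    print("wrong password rejected:", not verify_password("battery staple", first))
```

Because the salt and round count are stored with each hash, the round count can be raised later and old records upgraded at the user's next successful login, which is what `needs_rehash` is for.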