Re: Regarding sudo

Em Sexta, 13 de Julho de 2007 04:51, Keith Keller escreveu:

Are you saying that matematical operations, for more complex that they
are, can not be done in reverse? sorry, but i don't buy that, it is
against matematical laws.

You don't buy that? Okay, here you go: If x and y are real
numbers, and x + y = 42, then what's x?
Doesn't matter at all, if only the hash is tested for match, all possible
results going backwords are valid results

x & y could be, 30+12, 40+2, 10+32, no matter... going this way and after
several operations you will get to lots of valid possibilities

The hashing function
is similar: easy to compute forward, exceedinly difficult to
compute backwards.
but there is no need to find the exact starting point, all of the possible
results are valid.

i really can't see how can a equation be not reversible when it doesn't
matter if you go back by the same path you came forward in the first place.
i see no diference starting with "qwertyuiopeer123" processing to a hash,
picking the hash, reverse the process and get to "m839nsk9" (amoung
others), if both passwords collide in the same hash.

i say: if you know the hash, and know the sequence of operations, you can go
back... you will never know what password was inserted in the beguinning,
but you will get more than one valid passwords, and i bet every result
you'll get will be valid for password.

only the hash is tested for mach !

regards

.

Relevant Pages

  • Re: [PHP] Adding encryption to passwords
    ... storing the passwords into a mysql table as raw text. ... So what do you think is the best way to use crypt, mcrypt, hash or perhaps ... Encryption is reversible, hashing is not. ... best bet as an evil hacker will never be able to reverse them. ...
    (php.general)
  • Re: Password hashes
    ... NTLM hash as the key. ... There is however no locally stored NTLMV2 hash of passwords. ... Auditing and reviewing the security logs ... secure their network and data and the documentation to do such at TechNet ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows XP / 2K3 Default Users
    ... Cracking the 'passwords' has never been ... The gist of the 'technique' is the "Modifying Windows NT Logon Credential" ... existing windows applications that use the hash currently set to ... and then re-use those hashes to try to get authenticated access to other ...
    (Pen-Test)
  • Re: Pidgin IM Client Password Disclosure Vulnerability.
    ... because we need to be able to generate the hash a given ... Some protocols can ask for different types of hashes at ... passwords stored in it ... lost, you have much bigger problems than lost IM passwords. ...
    (Bugtraq)
  • Re: Decrypt fails
    ... I am creating a MD5 hash data and then using it to derive a key ... (CALG_RC2 encryption algorithm). ... My requirement concerns more with not storing passwords in plain ... > that he provided and compare it to the hash in the database. ...
    (microsoft.public.platformsdk.security)