Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a plain text and its cypher text. I know that the algorithm used was MD5. I want to break all cypher texts that are produced using the same algorithm.
Is there any way to do so?
Kerckhoffs's Principle applies here. Knowing the mathematics, and the interaction between the plaintext and ciphertext, will not let you break the MD5 hashing algorithm.
This is due to Shannon's principles of cryptography, outlined in 1945, "Confusion and Diffusion". In simple terms, this means that any even reasonably good encryption algorithm does not show a clear relationship between the cleartext and the ciphertext.
The short answer to your question is no, there is no way to break MD5 purely by knowing a cleartext and a ciphertext. There's no key, so you can't reverse engineer it like a simple XOR cipher.
However, **as MD5 is a very quick, processor-light algorithm, it has been (and is still) possible to simply bruteforce a vast array of cleartext strings, then compare your target ciphertext to the resulting **rainbow table.
This site can help you do this: MD5 Decryptor
I will mention, however, that it's generally rare that there is a use for this outside of computer misuse, which I will strongly caution you against.
I hope this was helpful.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
RSA and AES-256 are defined standards for encrypting "Top Secret" documents. Is it possible to attack using quantum algorithms like shor's and grover's?
The best quantum algorithm known for breaking symmetric ciphers is Grover's algorithm https://en.wikipedia.org/wiki/Grover%27s_algorithm
With Grover's algorithm we can break AES-256 with complexity 2^128. This is impossible with current quantum computers and any quantum computer we're likely to see within our lifetimes. In short, AES-256 is not breakable using current quantum algorithms.
The same is not true of RSA. RSA is breakable with quantum algorithms, but not with current quantum computers. So for now, you are safe using RSA (or DSA or ECDSA), but if quantum computers get a lot better (if, not when), we may need to switch to different signature methods. There is quite a bit of research about this called post-quantum cryptography.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
Out of curiosity, I just want to know the full form of "S/KEY" authentication method.
What does 'S' stand for ? and why is it written like S/KEY ?
According to RFC1760 and the original paper, it would stand for "secret key". More specifically, S would stand for the initial secret used in the hash chain.
A sequence of one-time passwords is produced by applying the secure
hash function multiple times to the output of the preparatory step
(called S). That is, the first one-time password is produced by
passing S through the secure hash function a number of times (N)
specified by the user. The next one-time password is generated by
passing S though the secure hash function N-1 times.
I've always heard/been told that S/KEY just means Secure Key or Security Key. As for why it's written that way, I have no idea, but I would assume it's just short-hand to not have to type the whole thing.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
There is a password generator that generates passwords based on known rules (a minimum of 10 characters in length, at least 1 of each of uppercase, lowercase, and numeric characters).
No ability to see the source code for this generator. I am just able to generate passwords and automate this process.
How would you test if this generator provides unique passwords assuming each password meets rules specified?
Thanks,
Racoon.
It does not generate unique passwords - that much I can guarantee you.
If you run this password generator a hundred billion times, what are you expecting to be true of the output? Are you really expecting that every one of those hundred-billion passwords will be different?
If what you're instead trying to ask is whether the passwords will be reasonably unique, then you need to define what you mean by 'reasonably unique'.
It also depends on the nature of the rules you specify for generating these passwords. If you specify a maximum length for passwords, then you have by definition set an upper limit on how many unique passwords there even are. Even if you don't, the only way you're getting guaranteed-unique passwords is if said passwords are allowed to grow to lengths that will make them totally impractical to use.
I think my question was incorrect. Every password generator sooner or later provides a value that have been earlier. Better think of randomness than unuqueness.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
I'm playing around with text transformations - ciphers. From all that I have surveyed it seems that all of these algorithms either break even in terms of transformed message length, or get larger. Are there any known algorithms/text transformations that when applied to a message actually make the message smaller (not counting the key, of course)?
For instance, RSA, when you encode the message, makes the encrypted message quite a bit larger than the original. Is there any such thing as that only the message becomes smaller, instead of larger, after (encryption, transformation, etc whatever you want to call it)?
I'm not doing this as part of security, so whether or not it's hackable is not of any interest to me.
P.S. I've done a lot of research in this area already through search engines (google, wikipedia, etc) but I have found no results. I don't want to say that such a technique doesn't exist without at least posting the question publicly first.
Thanks!
Compression tries to make input smaller. Obviously lossless compression will not make every input smaller, since that's impossible.
You can encrypt the compressed input if you want that. In principle compression and encryption are orthogonal concepts, but in some situations the length of the compressed text can be used to attack the system.
At first I thought about language transformation. Some English phrases translate to a single Chinese symbol. That's not a rigorous, mathematical example, but I suppose it qualifies.
Alternatively, from a bit-wise perspective, it wouldn't be possible to cipher/encode 2 bits of information in 1 bit.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm looking at the various bcrypt implementations across several languages and noticing the character limitation across most - specifically, the 72 character maximum that node-bcrypt, php's bcrypt, and py-bcrypt all exhibit.
What are the advantages and disadvantages if an application were to run user input through, say, a SHA-256 or SHA-512 checksum beforehand to enable longer inputs for bcrypt?
The CLI application found here is limited to 8-56 "characters" inclusive (it's C, so a character can be anything I suppose). Heaven knows why you would create limits for something that you feed into a password based key derivation function afterwards (which almost certainly will take unlimited input).
An additional secure hash with sufficient strength and output size will not do anything to degrade security.
Encode the result to hexadecimals before feeding it to a bcrypt library, which is almost certainly expecting a String (don't get struck by the "odd" 00h byte). You might as well use SHA-256, I don't think a few bits more or less will make a difference if you feed it into bcrypt afterwards. Otherwise you may be forced to use base64.
Finally, try not to get into this situation, performing non-standard cryptography is almost certainly a bad thing.