mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 2 1 2
#42369 17/08/03 02:16 PM
Joined: Mar 2003
Posts: 1,271
L
Hoopy frood
Offline
Hoopy frood
L
Joined: Mar 2003
Posts: 1,271
Just don't add the code pehonix suggested. It complete obliterates the functionality of $md5, and there is no reason to create a file of encrypted/unencrypted combos. Not unless you have malicious intent anyway.


DALnet #Helpdesk
I hear and I forget. I see and I remember. I do and I understand. -Confucius
#42370 17/08/03 02:18 PM
Joined: May 2003
Posts: 2,265
P
pheonix Offline OP
Hoopy frood
OP Offline
Hoopy frood
P
Joined: May 2003
Posts: 2,265
i dont use that, nor intend for anyone to use it..
i was just showing you it ISNT impossible to crack: it would just take about 3 years to add: every possible character combo in every font smirk


new username: tidy_trax
#42371 17/08/03 02:18 PM
Joined: Mar 2003
Posts: 1,271
L
Hoopy frood
Offline
Hoopy frood
L
Joined: Mar 2003
Posts: 1,271
Your code still doesn't decrypt or reverse the encryption or crack it, it just stores values. If you are given an encrypted password your code can't do jack with it. A real decrypting algorithm could, but those do not exist.


DALnet #Helpdesk
I hear and I forget. I see and I remember. I do and I understand. -Confucius
#42372 17/08/03 03:37 PM
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
It took the Distributed.net RC5 Challenge 5 years to crack, and RC5 was only 48 bit, no? RC5 is also fully reversable encryption, that is its purpose.

With MD5, it would take the effort of all the computers on the internet working tirelessly together, about 400 years to produce the original string... and even then there would still be some question.

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
#42373 17/08/03 05:39 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
I'd say you're both right. There is no way to "crack" an MD5, but there are ways to "weaken" it to the point where it doesn't take "too long" to figure out the original value. There are a bunch of attacks that people have developed against MD5 that allow you to weaken it somewhat. However, the reason you can't crack it is, it is possible that 2 different values will produce the same MD5 hash. Thats just because you have an infinite number of input strings and a fixed number of output strings. But, since MD5 is used for passwords, not encryption in its truest sense, thats all you need. Just to provide a fake example,
$md5(asdf) = 123
$md5(hjkl) = 123

If the "real password" is asdf, the user types asdf and gets access. However if you, using some techniques, have found a way to "reverse" MD5, and you get "hjkl" as a result, it doesn't matter that you have a different "password" because the one you have works just as good as asdf since
$md5(%the_inputted_password) == $md5(asdf)
Even when %the_inputted_password = hjkl.

So you can't necessarily get the original text back, but you can get a value that is just as good as the original text. If you want to see weaknesses in MD5, you can search Google for "Birthday attack." That attack still doesn't necessarily make it feasible. Using brute force against MD5 would take billions of years (if not more), with the birthday attack it takes about 500 thousand years. Then there are more advanced attacks such as differential cryptanalysis (also known as the T attack). That has been used to successfully cause collisions in MD5 in many instances. The thing is though, your average Joe doesn't have the computer and mathematical know-how to figure out a T attack, the math involved in it is extremely complex, so thats more along the lines of the CIA/NSA type of thing rather than the guy down the street. To sum it up, very few cryptographers will say MD5 is secure (remember, it's ancestor MD4 was cracked after a while, and research shows that the MD4 attacks, with some modifications, could break MD5 as well), therefore the new breed of hashes have come out. For example SHA-1 which uses a 160 bit hash has no known weaknesses, nor does RIPEMD-160 which also uses a 160 bit hash. I personally would like to see either a $sha or $ripemd in mIRC, but seeing as how it took so long for $md5 to be added, I doubt that will happen any time soon.

#42374 17/08/03 06:56 PM
Joined: Mar 2003
Posts: 1,271
L
Hoopy frood
Offline
Hoopy frood
L
Joined: Mar 2003
Posts: 1,271
Just one thing a bit sidetracking here, but didn't I read a while ago that the US government declared all encryptions of 32 bit to be national security issues and therefor not to be exported outside the US? Not that mIRC would necessarily have to adhere to that since it's not a US-built program, but still...


DALnet #Helpdesk
I hear and I forget. I see and I remember. I do and I understand. -Confucius
#42375 17/08/03 07:46 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Well, if I remember it was 60bits, not 32, but what I was suggesting is not that mIRC add sha1.cpp into mIRC, Windows already has an SHA1 function. All I'm saying is mIRC should just use Microsoft's CryptoAPI to add support for SHA1, then there are no export restrictions to worry about because it is then MS's job to worry about that, not mIRC. Also the US does allow exporting of strong crypto, you just have to go through a bunch of stuff to get your program approved by the government. Thats mainly to make sure, for example, that someone doesn't make a program that uses strong crypto for a detonator for a bomb or something else that would potentially cause more problems than good.

#42376 18/08/03 01:45 AM
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
Heh, and the odds of someone turning in their bomb detonator for certification is next to nil. smile It's kinda like the whole "war against handguns". Make them illegal to law abiding citizens so criminals have an added advantage.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
#42377 18/08/03 07:12 AM
Joined: Mar 2003
Posts: 1,271
L
Hoopy frood
Offline
Hoopy frood
L
Joined: Mar 2003
Posts: 1,271
Let's not go there shall we. Like it's a coincedence the US has the most murders of any western country.


DALnet #Helpdesk
I hear and I forget. I see and I remember. I do and I understand. -Confucius
Page 2 of 2 1 2

Link Copied to Clipboard