andrew8643g Posted September 14 Report Posted September 14 On 12/7/2023 at 10:08 AM, Engineeer said: I thought about this one more time and since you don't seem to think I have more logical thinking than the next guy (with who the gals picked first because everything that can go wrong always does all the time), let me assure you that if someone has the right physics it's probably me the guy who goes about these things with a more correct or practical approach. It goes: 11....... 1.......1 I wanted to then do .11...... .1.......1 etc But I realized that "11....... 1.......1" Already has all of those incorporated in it. So it's just, "11....... 1.......1" And we have to multiply that combination by two because we have to reintegrate the (0) or any digit that is left out. 2 x (2x3 + 6x2 + 2x24 + 322560 + 70560+ 8640 + 645120)=2093892 possible password combinations for any password combination that uses 10 digits with only one of the digit repeating twice. If it repeats 3 times you do 111..... 11......1 1......11 and if two repeat twice ......1122..... 1......12......2 Also you could one with .....11122..... 1.....112......2 11.....12......2 etc You have to multiply these by more because more are left out. Now that is what I mean by logic when I say I study something it's not like that guy with the cute girl studying something, it's logical it's better it's right it works. Because I..learn..faster. Instead of raising the password length to the power of itself you can use this method to rule out all the simpler passwords first until one works. That is exactly what I would have to do to make a numerical simulation atomic structures in my theory. When you can simulate atoms you can simulate larger structures like brains, AI for instance could use physics simulations, you can do all sorts of things if you hired me. But then to get me to figure things out you'd have to give me stuff. You don't really want mr tuk tuk nu sentral that do you? You'd be encouraging someone. Don't encourage people! When programs attempt to figure out a password, they use techniques like brute force, dictionary attacks, or more advanced algorithms. In brute force attacks, the program systematically tries every possible combination of characters until it finds the correct password. Dictionary attacks involve using a precompiled list of commonly used passwords, phrases, or patterns, attempting each one to see if it matches. More sophisticated methods use password hashing techniques to compare encrypted versions of the password without ever seeing the original text. Quote
Vmedvil Posted September 24 Report Posted September 24 On 9/14/2024 at 1:01 AM, andrew8643g said: When programs attempt to figure out a password, they use techniques like brute force, dictionary attacks, or more advanced algorithms. In brute force attacks, the program systematically tries every possible combination of characters until it finds the correct password. Dictionary attacks involve using a precompiled list of commonly used passwords, phrases, or patterns, attempting each one to see if it matches. More sophisticated methods use password hashing techniques to compare encrypted versions of the password without ever seeing the original text. This is correct. Quote
alexander Posted October 25 Report Posted October 25 For the purposes of comp-sci encrypted and hashed are not the same thing. Encrypted - specifically refers a reversible algorithm, we can take AES, RSA, or if we are looking at some more modern PQC algorithms, things like Falcon, SPHINCS+ and the two CRYSTALS algos, and these work in all sorts of ways: signatures, encapsulations, goppa codes, LWE, Lattice, etc. Hashing, on the other hand, is not a reversible form of cryptography, and algorithms here would be things like SHA, HMAC, or something even as simple as a sum, xor(8) or a CRC are all technically hash functions. With this in mind. On 9/14/2024 at 12:01 AM, andrew8643g said: More sophisticated methods use password hashing techniques to compare encrypted versions of the password without ever seeing the original text. They are not encrypted versions of passwords but are hashes, and it sounds sophisticated, but I don't know how sophisticated generating a bunch of hashes and throwing them into a database for a later "Hey do I have this hash in my database? Oh I do? What string was it generated with?" really is. I wouldn't necessarily call this sophisticated, and also, you are not guaranteed that even if you find the same hash in the database, this of course depends on the hash function used, but, especially for weaker hash functions, it could be a hash collision. That said, if you are cracking specifically passwords, there are a few things to remember, relating to how the hashes are or were generated. Passwords may be salted, they may be salted and not just once, passwords can have unique salts, which makes the hash lookup kind of worthless, unless you are willing to spend millions of compute hours on GPUs generating a new hash table. And, if you look at modern, secure hash algorithms, you can generate hashes iteratively, and with that you can introduce more sources of randomness by randomizing the number of iterations, within reason, so your hashes are still secure. Then there are people who go further yet, and to prevent hashes from being reversed even if the database is leaked, they so silly things, like add salts hard coded into the backend, that are not stored in clear text, perhaps run in some sort of a VM for an extra obfuscation layer, and only exist in memory for a short period of time, all that fun stuff, basically just making the life of someone trying to crack hashes difficult enough to where it's just not worth the time. Anyways, there is nothing sophisticated about most hash cracking, passwords or not. That can change in the future, once quantum computers are made a lot more useful and have maybe a few dozen thousand true qubits or qudits (not just qubits, there's a difference), which, we are currently astronomically far away from. Or maybe once we figure out spin based qubits and start to produce spin-based processors on at least not single research unit quantities. Then we can maybe start developing interesting algorithms that may kind of break current hashing. But, we will need at least some general availability of reasonably powerful quantum computers, we will need programming languages designed for them, we will need to learn how to design algorithms to take advantage of these systems, and they don't do everything nearly as well as a current general purpose processors, at least not yet, so it's going to be like GPGPUs again, a huge learning and engineering curve, but much, much more difficult. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.