Page 2 of 2

Re: An unorthodox authorization - should I even consider it...?

Posted: Tue Mar 10, 2009 10:21 am
by Mordred
Yes I do, and no, you wont ;)
I'm challenging your "ridiculously easy" phrase. You generally know your stuff, you give good security advice, but you gotta learn to watch your mouth when using such hot words.
(If you do crack it, I'll send you as much flowers as there are chars in the secret ... it's gonna be a big bouquet, hehehe)

Re: An unorthodox authorization - should I even consider it...?

Posted: Tue Mar 10, 2009 10:37 am
by kaisellgren
Mordred wrote:Yes I do, and no, you wont ;)
I'm challenging your "ridiculously easy" phrase. You generally know your stuff, you give good security advice, but you gotta learn to watch your mouth when using such hot words.
(If you do crack it, I'll send you as much flowers as there are chars in the secret ... it's gonna be a big bouquet, hehehe)
Well, okay. Maybe "ridiculously" is exaggerated, but... it is rather possible. I have been trying to crack that challenge in background, I have checked 1 000 000 000 000 passwords so far :P I'm using ASM and my 8800 GTX, 210 000 000 hash calculations per second. My card is also underclocked, and I have only one card. I bet you could easily reach at least 1 500 000 000 calculations per second on one computer. If you had money, then you could futher improve all this yet I am just using regular gaming GPUs here, which are much slower than the best ones NVIDIA can offer us.

If you have the money, it is easy to crack. Now, it is not ridiculously easy to have money, but there are people who have oil wells on their backyard and literally people who are filthy rich. It does not matter can some guy on a forum crack it, all that matters is whether there are people who can do it and more importantly, who are willing to do it.

Code: Select all

$kai = new kai;
$msg = $kai -> get_message('9th March 2009, 16:20');
$msg = str_replace('ridiculously easy','possible',$msg);
$kai -> modify_message('9th March 2009, 16:20',$msg);

Re: An unorthodox authorization - should I even consider it...?

Posted: Tue Mar 10, 2009 10:52 am
by Mordred
Oh so you tried it, eh? You Finns with your cold weather and hot blood ;) Stop and think about it!

If you retract your words, your statement about the MD5 becomes moot, bruteforcing "works" against all hashes. MD5 is not inherently weaker (as of what is currently known) than the other popular hashes in this scenario, there are no known attacks that make it weaker in this case.

Bruteforcing is a game the cryptographers love to play against the crackers: adding linearly more characters to the secret will make the problem exponentially harder for the attacker.
Dividing this by a constant, even a large one because of faster hardware will not change things. Bruteforcing doesn't work against well-chosen (i.e. LOOONG) plaintexts.

So, forget about the flowers, you can't get 'em, not in the lifetime of the Universe ;) :)

Re: An unorthodox authorization - should I even consider it...?

Posted: Tue Mar 10, 2009 11:11 am
by kaisellgren
Some one can do that, but not me :(