For reference I only know python so that's what I've been working with.
I've recently been looking into making my own hashing algorithm to further my understanding on how they work, I'm not looking into creating the most cryptographically secure hashing algorithm, just something that is a bit more secure than validating passwds in plain-text.(in other words I don't care if this algorithm has copious amounts of collisions.
From what I understand about hash functions is that they use ???? to obfuscate the input password. Where I'm getting caught up is how the function takes a user input, like "password1" and translates that into numbers the system can work with, then, what exact methods do they use to obfuscate them?
Apologies if this is a stupid question but I cant find any material on this that isn't way beyond my understanding or basic enough where they gloss over what happens inside the hash algorithm.
Related
I was thinking some time if I should post that question here or at crypto.stackexchange.com. I think the question is more related to implementation than to theory, so here we go:
I have decided to use scrypt as the password hashing method for my future backends. Some of my backends are written in Perl, so I plan to use Crypt::ScryptKDF.
It is quite clear how to use it, but one question is left: scrypt is (to my best knowledge) more a key derivation function than a hashing function. So how is the hashing actually done?
Does it just encrypt the (salted) input string (e.g. a password) with the key which it has derived from the same (salted) input string (password), or is there more to it?
I found MurmurHash recently as one of the fastest, and MurmurHash3 is the new version of MurmurHash.
I also found the complete explanation of MurmurHash in a Diagram by Ian Boyd.
This diagram really looks awesome but I understand only a bit of it since I'm still a newbie and have interest in Hashing.
It would be very helpful if someone could help me with a simple MurmurHash3 Flowchart.
Since I'm a newbie and still can't add any comment there, I also don't know how to contact Ian Boyd either, I'm trying to ask it here..
update
I made my own MurmurHash3 flowchart.
Will upload it later
I'm sorry for my noobness and bad in English. Thank you
I know I am reply late, but it may help any one else...
Murmur hashing is a non cryptographic hash function
which is used for hash based look-ups , it uses 3 basic operations as a whole Multiply, Rotate and XOR. It uses multiple constants which are just there to make it good hash function by passing 2 basic tests.
Avalanche Test
Chi-Squared Test
You can watch this video, which I made, for the detail explanation of Murmur Hashing.
Let me describe the scenario:
I know the hashed string, and the $salt, but not the $pass. md5 format is:
md5($salt.$pass)
example value = ae10f955a7164ba6905919e7798284ca
here $salt = q)SDs
$pass is unknown.
Now, is there anyway to get md5($pass)?
Short of brute force techniques, no. However brute force is a valid approach. Depending on the scope of this problem, you have a few options:
Write a small program to compute MD5 hashes of md5(salt + random string).
Use an existing cracking tool like John the ripper.
Build a rainbow table using the salt, and then use that to find the appropriate password.
A tool like John the Ripper may be the easiest place to start.
While it is possible to recreate the password using a variety of methods, it's really not the purpose of the hash. The hash is supposed to encode the string in question in an irreversible way, so people who somehow get a hold of the hash cannot just reverse the encryption and have the password in their hands.
So no, it really isn't possible...at least not in any easy way.
Is it possible to duplicate output from the perl crypt function using ColdFusion decrypt?
I am not familiar with encryption programming, but as I understand it crypt uses the DES algorithm unless otherwise indicated. Coldfusion can use the DES algorithm, but I don't know what other parameters to use.
Allow me to clarify my situation. I am working with a vendor supplied application written in perl. My local toolset is mainly ColdFusion. I would like to enhance the vendor supplied login function with a 'lost your password/reset password' function. I would prefer not to change the vendor source code, which I have access to, since it get upgraded regularly and I don't want to have to keep applying the changes. The best solution, for a host of reasons, is to emulate the perl crypt() function output in ColdFusion so I can build the password reset function externally to the vendor application. It is admittedly an awkward and confusing situation.
I do not know if the emulation approach is feasible; if not it is back to the drawing board.
Just in case you didn't know, perl's crypt() function (and the crypt() function in the standard C library) is a one-way hashing function usually used for storing passwords. It's not an encryption function and there is no known decryption function.
As such, you're probably not looking for a function called decrypt(). I don't used Coldfusion, so I can't help you find the proper function.
I have a NSString like #"123456". I want to convert this string into byte array and then I want to shift some bytes using some arithmetic operations. Then I want to apply SHA256Hash on that and finally want to encrypt a string using the final result. I have tried many approaches but still got no success. I am very confused in this.If someone wants to look at code i'll post the code.
Edit:
My actual goal is to encrypt an string using AES256 encryption algorithm. And I want to generate my own key and I want to pass my own IV.
I assume you're trying achieve some kind of security. On the other hand it does not look like you're very familiar with the tools and methods you're using. This is a bad start.
Security is a very difficult thing to do—even for experienced developers. Maybe there's a way to reuse some existing implementation for your security needs.
My advice would be not to reinvent things, especially when they are as hard and as crucial as security.