How secure is your password?

DoxThis

Also, please note, guys, that site is trash. Not trying to be rude, but an average desktop PC is not that good.
When you talk about cracking hashes obtained from a web server, let's be honest, you are not messing with your grandma's PC when cracking hashes; you are going to either
1. Use an online hash cracker that uses server-grade hardware OR
2. Buy 4 R9 290X's, overclock them and use them with a hash-cracking program and a nice password list like the one from Cain and Abel
 

viktik

How about using a cryptographic hex hash value as a password?

Even if the user can only remember the word "cat", he will be using the SHA-3 (512bit) hash value "B2FAF80C85BD36029DC3F804CBF439888FD1CA195AB0E3DECB872F8AA9EF767E4866186EBB8B5ECFA1237147A94775F8302648BE0FD0AE3A6EBBDF931F423360" as the password.

The user just needs to remember the easy word "cat" and the hash function SHA-3 (512bit).

The hex hash value is 128 characters long. Anyone trying to crack this will fail.


This 128-character password is very difficult to crack.
Even if today's supercomputer gets 1 trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion times better (which in reality it cannot), it will take 52.64 million trillion centuries to crack it.


DoxThis

Personally, I would not recommend using a hash for a password because there are databases that store hashes that result in a very small password such as that...
E.g. www.crackstation.net
CrackStation uses massive pre-computed lookup tables to crack password hashes.
 

DoxThis

Like I said before, it's not a very good idea regardless, UNLESS you are using SHA-3, because the hash is so freaking large.
 


DoxThis

Also, how would that password work on 99% of sites that have a limitation on the characters / require special characters, etc.?

If only every webserver in the world used extremely hard-to-crack salting on hashes as well, we would never have break-ins of accounts except from MITM attacks.
 

viktik



They keep a hash database of passwords. Still, they are not using SHA-3 (512bit).

Even if they have a SHA-3 (512bit) hash database, it won't work.
If I used "cat" as the password then it would be very easy to crack. But I am using the hash value "B2FAF80C85BD36029DC3F804CBF439888FD1CA195AB0E3DECB872F8AA9EF767E4866186EBB8B5ECFA1237147A94775F8302648BE0FD0AE3A6EBBDF931F423360" as the password. So normally they will be searching for the hash value of this password, which will be "F1650CB4543DCC9E4B855541054295F43DE0CADAB9071D96187119855E136E743CE855E143258ED05348682416231CB7178A554D577B25600463DA21AEFA10EF" if SHA-3 (512bit) is used. They will never find the match.


How about doing multiple hash?
hashing "cat" gets "B2FAF80C85BD36029DC3F804CBF439888FD1CA195AB0E3DECB872F8AA9EF767E4866186EBB8B5ECFA1237147A94775F8302648BE0FD0AE3A6EBBDF931F423360"


hashing "B2FAF80C85BD36029DC3F804CBF439888FD1CA195AB0E3DECB872F8AA9EF767E4866186EBB8B5ECFA1237147A94775F8302648BE0FD0AE3A6EBBDF931F423360"
gets
"F1650CB4543DCC9E4B855541054295F43DE0CADAB9071D96187119855E136E743CE855E143258ED05348682416231CB7178A554D577B25600463DA21AEFA10EF"






hashing "F1650CB4543DCC9E4B855541054295F43DE0CADAB9071D96187119855E136E743CE855E143258ED05348682416231CB7178A554D577B25600463DA21AEFA10EF"
gets

"AE7F5C8C097A0F2C217BDF86F1992070D419C3E3DC6A90BA8A0C517716E9C3C1AB23D7E50FF248D2C78F4309B1C5F63A34FC5355F60B7BBD3EDFE4B330419684"

This final hash value will be used as the password.

The user needs to remember three things:
  • Easy word "cat"
  • The hash function SHA-3 (512bit)
  • Number of times the hash was done: 3
Anyone trying to crack it using the general method will fail, unless he knows all three things mentioned above.






What if I concatenate all three hashes to get an even more lengthy password: "B2FAF80C85BD36029DC3F804CBF439888FD1CA195AB0E3DECB872F8AA9EF767E4866186EBB8B5ECFA1237147A94775F8302648BE0FD0AE3A6EBBDF931F423360F1650CB4543DCC9E4B855541054295F43DE0CADAB9071D96187119855E136E743CE855E143258ED05348682416231CB7178A554D577B25600463DA21AEFA10EFAE7F5C8C097A0F2C217BDF86F1992070D419C3E3DC6A90BA8A0C517716E9C3C1AB23D7E50FF248D2C78F4309B1C5F63A34FC5355F60B7BBD3EDFE4B330419684"

This is a 384-character password. It cannot be found in any database. Obviously it cannot be cracked.


hashing "cat" ten times using SHA-3(512 bit) we get hashes


What if we concatenate hashes from 6 to 10 to get password

This becomes a 640-character password. Very hard to guess and obviously impossible to crack.
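The "hash an easy word N times, optionally concatenate some of the results" recipe discussed in the posts above, as an added example for a password audit (not code from any poster in this thread). It compares the bits a length-based strength meter credits with the search space left once the recipe itself is known; `WORDLIST`, `MAX_ROUNDS` and the function names are assumptions, and no claim is made that Python's SHA3-512 digests match the values quoted in the thread.

```python
import hashlib
import math

# Constructed sample wordlist; a real audit would load a full dictionary.
WORDLIST = ["dog", "cat", "password", "letmein", "dragon"]
MAX_ROUNDS = 10  # assumed upper bound on the round count a user would memorise


def chain(word, rounds):
    """Uppercase hex SHA3-512 digests of `word` hashed `rounds` times, each
    hex string fed back in as text (the scheme described in the post)."""
    links, data = [], word
    for _ in range(rounds):
        data = hashlib.sha3_512(data.encode("utf-8")).hexdigest().upper()
        links.append(data)
    return links


def apparent_bits(password):
    """What a strength meter assumes: every hex character is random (4 bits)."""
    return len(password) * 4


def effective_bits(wordlist_size, max_rounds=MAX_ROUNDS):
    """Search space once the recipe is known: word x (first, last) link pair."""
    spans = max_rounds * (max_rounds + 1) // 2
    return math.log2(wordlist_size * spans)


def audit(password, wordlist=WORDLIST, max_rounds=MAX_ROUNDS):
    """Return (word, first_link, last_link) if `password` is one link or a run
    of consecutive links from a dictionary word's chain, else None."""
    for word in wordlist:
        links = chain(word, max_rounds)
        for i in range(max_rounds):
            for j in range(i + 1, max_rounds + 1):
                if "".join(links[i:j]) == password:
                    return word, i + 1, j
    return None


if __name__ == "__main__":
    links = chain("cat", 10)
    for label, pw in [("3 rounds", links[2]), ("links 6-10", "".join(links[5:]))]:
        print(label, len(pw), "chars", apparent_bits(pw), "apparent bits",
              "->", audit(pw))
    print("effective bits, 1M-word list:", round(effective_bits(10**6), 1))
```

The 640-character variant is credited with 2560 bits by length alone, yet with a million-word dictionary and up to ten rounds the recipe leaves under 26 bits of actual uncertainty.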

jamescv7

My password, which I use mostly in here (MT) and on Yahoo: 377 Billion Years
Email address like Hotmail: 68 Million Years

The combination of my password is a little bit related to my personal information, but it doesn't mean I'm vulnerable, because in some instances a typical user cannot make any brute-force attack, even a weak one; he/she needs a lot of research and tools to try to know the password. These days, login is protected, which makes the account locked due to incorrect passwords and easily accessed by answering the verification details.
 

yigido

Thread author
Why should I write my password on this site? These guys can use your password lol :D This sounds a bit weird but it is possible. I know my password is uncrackable :p
 

Atlas147

Wondering if the password cracker the site is based on uses a dictionary to try to hack the password; it might significantly decrease the time for it to be hacked if it does.
 