A Windows XP help forum. PCbanter


Password hashing



 
 
  #1  
Old July 15th 18, 10:43 PM posted to microsoft.public.windowsxp.general
Andy[_17_]
external usenet poster
 
Posts: 594
Default Password hashing

Is this method pretty secure for login passwords?

This specifies that SHA512 shall be used for password hashing for user logins. By default, 5000 rounds are used.

Thanks,
Andy
  #2  
Old July 16th 18, 01:53 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Password hashing

Andy wrote:
> Is this method pretty secure for login passwords?
>
> This specifies that SHA512 shall be used for password hashing for user logins. By default, 5000 rounds are used.
>
> Thanks,
> Andy


The passwords are also salted.

https://security.stackexchange.com/q...-hashes-really

On a Windows box, you can reset the password, and
have the user enter a new one. The account is wide open
when that happens.

Cracking the password means discovering what the password
is, which could leave the account compromised, without the
user realizing that someone has broken in. This takes a few
days to do with a modern GPU.

For simpler password situations, a rainbow table can be
used. You can purchase rainbow tables on a BluRay disc
(to give you some idea just how huge the tables are), and
those can accelerate cracking the password for "simple"
passwords. So if your password is "andy" and contains
no numbers or punctuation or uppercase or a great length,
the rainbow table in theory can find the answer faster
than a cracking setup can do it. Or, for the freely available
downloadable rainbow tables, you might be able to try
cracking a password without buying a fancy GPU. The GPU
is more likely to succeed in the long run.

A Linux distro like Kali may have a few tools for
playing with this stuff.

People who do penetration testing use a box with eight
video cards, for password cracking. They test whether they
can get into commercial operations (by invitation of the
owner). A pen test box doubles as a coin miner, so you
can alternate between being a security expert and
an Ethereum miner :-)

Paul
  #3  
Old July 16th 18, 03:04 AM posted to microsoft.public.windowsxp.general
Andy[_16_]
external usenet poster
 
Posts: 337
Default Password hashing


Thanks. I use a randomly generated 10 character pw which can contain any variation of characters available.

Andy
  #4  
Old July 16th 18, 11:57 PM posted to microsoft.public.windowsxp.general
freeman
external usenet poster
 
Posts: 37
Default Password hashing

Are you asking the correct question?

How long is the hash? 25 characters or?

Do intruders have access to the application to decrypt the message?

If so, it is the password that needs to be long and strong.

If no access to the encrypt/decrypt app then the hash, almost any hash,
will be plenty strong.

Basically it is the length of the string used to do the encryption that
determines how difficult it will be.

Assuming you use upper case + lower case + numerics + symbols in your
long password.

Each character position of a password has many possibilities:
for my keyboard
number of alpha upper case = 26
number of alpha lower case = 26
number of symbols = 28 .,/?'";:[{]}=+-_)(*&^%$#@!~`
number of digits = 10

Calculate the permutation based on some length of password.
If I did this right, for this combination with a 10 character password.
combinations roughly = 75,330,543,424,778,800,000,000,000.
with 12
combinations roughly = 62,843,752,546,687,400,000,000,000,000,000

now if the hash is considered as being 25 characters then trying to
guess the hash: (hash is typically uppercase alpha and digits = 36
possibilities)
combinations is roughly =
144,552,334,519,691,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.000

Some mathematician will come along and correct me.
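
Added example, not part of any post in this thread: it counts passwords for the character classes listed in the last post and shows the effect of the salting and rounds mentioned earlier. PBKDF2-HMAC-SHA512 from Python's standard library is used as a stand-in for the SHA512 login hashing discussed (it is not the same algorithm), and the wordlist and salts are constructed sample data.

```python
import hashlib
import hmac
import math

# Character classes as counted in the last post: upper, lower, symbols, digits.
ALPHABET_SIZE = 26 + 26 + 28 + 10  # 90

def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length

def entropy_bits(length, alphabet=ALPHABET_SIZE):
    """Bits of entropy of a uniformly random password of that length."""
    return length * math.log2(alphabet)

def hash_password(password, salt, rounds=5000):
    """Salted, iterated SHA-512 via PBKDF2 (a stand-in, not sha512crypt)."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds).hex()

def verify_password(password, salt, rounds, stored_hex):
    """Recompute with the stored salt and rounds; compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt, rounds), stored_hex)

def build_unsalted_table(candidates):
    """Precomputed digest -> password map for plain, unsalted SHA-512."""
    return {hashlib.sha512(c.encode()).hexdigest(): c for c in candidates}

# Constructed sample data: a tiny wordlist and two fixed salts. Real systems
# draw a fresh random salt per account (e.g. os.urandom(16)).
WORDLIST = ["andy", "letmein", "password"]
SALT_A = b"constructed-salt-A"
SALT_B = b"constructed-salt-B"

if __name__ == "__main__":
    table = build_unsalted_table(WORDLIST)
    unsalted = hashlib.sha512(b"andy").hexdigest()
    salted_a = hash_password("andy", SALT_A)
    salted_b = hash_password("andy", SALT_B)
    print("10 chars:", keyspace(10), f"({entropy_bits(10):.1f} bits)")
    print("12 chars:", keyspace(12), f"({entropy_bits(12):.1f} bits)")
    print("unsalted digest found in table:", table.get(unsalted))
    print("salted digest found in table:  ", table.get(salted_a))
    print("same password, different salt differs:", salted_a != salted_b)
    print("verify correct password:", verify_password("andy", SALT_A, 5000, salted_a))
```

The precomputed table only matches the unsalted digest; with a per-account salt the same password produces unrelated hashes, and the rounds multiply the work per guess.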

 



