So I thought I could write about it here for fun
Maybe someone will learn something.
The idea is that we will take the plain text passwords when cracked, and hash them with a more common and standard method, like SHA512.
The current method is a MD5 based one, and since I can't find if this specific method is a common one (thus would be supported by for example oclHashCat), I will port it to another language and write my own little cracker using CUDA.
Now, the function that created the hashes is written in PHP.
Code: Select all
function createPwdHash($pwd='',$salt='')
{
// $pwd can be any password
// $salt must be numeric and atleast 3 chars long
// Parse $salt as numeric
$salt = intval($salt);
// Validate critical values
if(strlen($pwd) > 0 && strlen($salt) > 2)
{
// First Hash of password
$pwdHash = md5($pwd);
// Create a string to steal chars from
$randStr = md5($salt);
// Calculate regulations allowed by regulator key
$run = floor(strlen($salt)/3);
// Salt and encrypt password as many times as the salt allows
$i = 0;
while ($i < $run) {
// Extract regulator values from parameters
$saltStart = substr($salt,0+($i*3),1);
$saltLength = substr($salt,1+($i*3),1);
$saltTarget = substr($salt,2+($i*3),1);
$saltValue = substr($randStr,$saltStart,$saltLength);
// Concat regulated string and create new hash
$pwdHash = substr($pwdHash,0,$saltTarget).$saltValue.substr($pwdHash,$saltTarget,-1);
$pwdHash = md5($pwdHash);
$i++;
}
}
else
{
$pwdHash = null;
}
return $pwdHash;
}
So, so far I have just made a simple port of the algorithm.
Code: Select all
static String createPwdHash(String pwd, String salt)
{
MD5 md5Hash = MD5.Create();
String pwdHash = GetMd5Hash(md5Hash, pwd);
String randStr = GetMd5Hash(md5Hash, salt);
int run = (int)Math.Floor((decimal)(salt.Length/3));
for (int i = 0; i < run; ++i)
{
String saltStart = salt.Substring(0 + (i * 3), 1);
String saltLength = salt.Substring(1 + (i * 3), 1);
String saltTarget = salt.Substring(2 + (i * 3), 1);
String saltValue = randStr.Substring(Convert.ToInt32(saltStart), Convert.ToInt32(saltLength));
pwdHash = pwdHash.Substring(0, Convert.ToInt32(saltTarget)) + saltValue + pwdHash.Substring(Convert.ToInt32(saltTarget), (pwdHash.Length - Convert.ToInt32(saltTarget) - 1));
pwdHash = GetMd5Hash(md5Hash, pwdHash);
}
return pwdHash;
}
static string GetMd5Hash(MD5 md5Hash, string input)
{
byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
StringBuilder sBuilder = new StringBuilder();
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
return sBuilder.ToString();
}
I will update this thread as I go
