Jump to content




[V4.1 COMING!] LoganDark's Password Lock

computer turtle pocket

115 replies to this topic

#1 LoganDark

  • Members
  • 231 posts
  • LocationMacintosh HD/Users/LoganDark

Posted 07 March 2016 - 11:21 PM

LoganDark's Password Lock System
Hello! I have only a few hundred words to please you before you click away, so before you go, let me introduce you to my password lock system. The newest versions (V3 onward) use salting to encrypt the passwords.

What's salting, you ask? Well let me give you the simple version. Salting is a random string added to the end of a password before it gets hashed (encrypted). You need the password and the salt to crack the password, so it is that much more secure. The salt is integrated into the hash itself (not concatenated), so a rainbow table won't work as well as you'd hope...

What makes my system better, you ask? No other system that I know of is this secure. Of course the features are not something to rave about, but the security is unbelievable.

Big changes are written next to the versions in bold. Those changes persist onto newer versions unless otherwise noted. Versions in italics aren't released yet or are no longer available.

Versions:
  • V1 (pastebin run Gs1GRuWD)
  • V2 (pastebin get PdYf5rwy startup) Encrypts multiple times
  • V3 (pastebin get ghasE8KL startup) Uses salting
  • V4 (pastebin get BhPk3z1E startup) ComputerCraft's first pbkdf2 lock :) (credit to Anavrins :D)
  • this password lock is pretty much abandoned by now so i'll just say it right here: don't expect an update
Add-ons:
  • Updater (pastebin get X4nFw8Bg update) (updates to latest version OR installs the latest version)
Please reply leaving feedback! It helps me make future versions!

License

Edited by LoganDark, 02 August 2016 - 07:40 PM.


#2 LoganDark

  • Members
  • 231 posts
  • LocationMacintosh HD/Users/LoganDark

Posted 16 March 2016 - 06:03 PM

Comments below were posted after version 2 of my password lock had been released.

To view comments for the most recent version of my system, click here.

Edited by LoganDark, 17 May 2016 - 08:19 PM.


#3 LDDestroier

  • Members
  • 1,090 posts
  • LocationACDC Town

Posted 16 March 2016 - 07:56 PM

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

#4 LoganDark

  • Members
  • 231 posts
  • LocationMacintosh HD/Users/LoganDark

Posted 17 March 2016 - 12:58 AM

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

#5 LDDestroier

  • Members
  • 1,090 posts
  • LocationACDC Town

Posted 17 March 2016 - 01:56 AM

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

What are you talking about, too many sleep() calls?

Lines 233, 248, 252. It's kinda annoying waiting two seconds to get to the shell.

#6 LoganDark

  • Members
  • 231 posts
  • LocationMacintosh HD/Users/LoganDark

Posted 17 March 2016 - 07:32 AM

View PostLDDestroier, on 17 March 2016 - 01:56 AM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

What are you talking about, too many sleep() calls?

Lines 233, 248, 252. It's kinda annoying waiting two seconds to get to the shell.

If there were no sleep calls there, the user wouldn't be able to read the text.

Edit: The user might want to know what's going on if they're suddenly asked for the password again.

Edited by LoganDark, 17 March 2016 - 07:32 AM.


#7 Creator

    Mad Dash Victor

  • Members
  • 2,168 posts
  • LocationYou will never find me, muhahahahahaha

Posted 17 March 2016 - 11:22 AM

Better tell the user to press a key.

#8 LoganDark

  • Members
  • 231 posts
  • LocationMacintosh HD/Users/LoganDark

Posted 17 March 2016 - 06:57 PM

View PostCreator, on 17 March 2016 - 11:22 AM, said:

Better tell the user to press a key.

Like "press any key to continue"?

#9 ry00000

  • Members
  • 244 posts
  • LocationComputer, Base, SwitchCraft, Cube-earth, Blockiverse, Computer

Posted 17 March 2016 - 07:00 PM

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

#10 CompuTech

  • Members
  • 262 posts
  • LocationBoston, MA

Posted 17 March 2016 - 07:00 PM

View PostLoganDark, on 17 March 2016 - 06:57 PM, said:

View PostCreator, on 17 March 2016 - 11:22 AM, said:

Better tell the user to press a key.

Like "press any key to continue"?

Yeah, it's quite easy.

<code here>
print("Press any key to continue")
sleep(0.2)--make sure any key press from the state before is up
os.pullEventRaw( "key_up" )
<mode code here>


#11 LoganDark

  • Members
  • 231 posts
  • LocationMacintosh HD/Users/LoganDark

Posted 17 March 2016 - 10:12 PM

View PostMinecrosoft, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 06:57 PM, said:

View PostCreator, on 17 March 2016 - 11:22 AM, said:

Better tell the user to press a key.

Like "press any key to continue"?

Yeah, it's quite easy.

<code here>
print("Press any key to continue")
sleep(0.2)--make sure any key press from the state before is up
os.pullEventRaw( "key_up" )
<mode code here>

Uhh, I'm not dumb.
Thanks for your help, but I don't need help unless I ask for it.

View Postry00000, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

What makes you think I really care?

#12 Anavrins

  • Members
  • 775 posts

Posted 18 March 2016 - 01:53 AM

View Postry00000, on 17 March 2016 - 07:00 PM, said:

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.
Again with these claims.
Your system is called Google, and it doesn't work with all passwords... otherwise...
Spoiler

Edited by Anavrins, 18 March 2016 - 01:56 AM.


#13 moTechPlz

  • Members
  • 40 posts

Posted 21 March 2016 - 03:56 PM

Hi, about the sleep thing, you could do both. Use a timer to wait 2 or 3 seconds or skip when the 'anykey' is pressed.

#14 apemanzilla

  • Members
  • 1,421 posts

Posted 21 March 2016 - 04:56 PM

View Postry00000, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

Crack this. Unsalted SHA256 hash. 9 characters, lowercase a-z and numbers only.
3cc5ac3f7e28a9f177e63827899fd3d7d3d96d006ee5f5c86fbbb4ccfc9e1aa3

Edited by apemanzilla, 21 March 2016 - 04:58 PM.


#15 Creator

    Mad Dash Victor

  • Members
  • 2,168 posts
  • LocationYou will never find me, muhahahahahaha

Posted 21 March 2016 - 05:37 PM

View Postapemanzilla, on 21 March 2016 - 04:56 PM, said:

View Postry00000, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

Crack this. Unsalted SHA256 hash. 9 characters, lowercase a-z and numbers only.
3cc5ac3f7e28a9f177e63827899fd3d7d3d96d006ee5f5c86fbbb4ccfc9e1aa3

Nowhere to be found on the internetz.

#16 ry00000

  • Members
  • 244 posts
  • LocationComputer, Base, SwitchCraft, Cube-earth, Blockiverse, Computer

Posted 21 March 2016 - 05:37 PM

Well, let's fire up Hashcat and see what this baby can really do.

EDIT: Not big enough dictionary. (Yes I'm using a dict attack.)

Edited by ry00000, 21 March 2016 - 05:41 PM.


#17 ry00000

  • Members
  • 244 posts
  • LocationComputer, Base, SwitchCraft, Cube-earth, Blockiverse, Computer

Posted 21 March 2016 - 05:44 PM

Note that this is the same PC I mine Krist on.

#18 Creator

    Mad Dash Victor

  • Members
  • 2,168 posts
  • LocationYou will never find me, muhahahahahaha

Posted 21 March 2016 - 05:50 PM

There is no way the dictionary is big enough. There are 2^256 ( 1.15 * 10^77 ) possible sha256 hashes, and there are only around 10^81 atoms in the universe, so no way the dictionary is big enough.

#19 Anavrins

  • Members
  • 775 posts

Posted 21 March 2016 - 06:49 PM

View Postry00000, on 21 March 2016 - 05:37 PM, said:

Well, let's fire up Hashcat and see what this baby can really do.

EDIT: Not big enough dictionary. (Yes I'm using a dict attack.)
Maybe go with bruteforce and you can get back to us in a year.
Posted Image
That's around 6.307 millions times more than what you claimed.

Edited by Anavrins, 21 March 2016 - 08:20 PM.


#20 apemanzilla

  • Members
  • 1,421 posts

Posted 21 March 2016 - 08:04 PM

View Postry00000, on 21 March 2016 - 05:37 PM, said:

Well, let's fire up Hashcat and see what this baby can really do.

EDIT: Not big enough dictionary. (Yes I'm using a dict attack.)

View Postry00000, on 21 March 2016 - 05:44 PM, said:

Note that this is the same PC I mine Krist on.

So much for cracking it in under five seconds.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users