Jump to content




Password protected OS

computer api

9 replies to this topic

#1 greygraphics

  • Members
  • 16 posts

Posted 14 June 2016 - 04:48 PM

Hey,

I created this small, password protected OS. It is called SecOS and cannot be terminated. Also, the password of the users are encrypted so that you cannot read them directly. However, you can edit them. They are (as far as I know) only decryptable with themselves as password.

Added commands:
  • mkusr (Create a new user in the /users directory)
  • passwd (Change the password of the user you log in)
Added APIs:
  • secure (A small API which allows for fast password encryption and check)
Added directories:
  • /users (The directory every user and password is stored)

Link: SaRwxwcn

Note: This file can unpack itself, simply type in "<Filename> <Filename>"

I hope you have fun with this. :)

#2 SGunner2014

  • Members
  • 113 posts
  • LocationMaidstone, UK

Posted 16 June 2016 - 03:20 PM

Why are the passwords encrypted? Have you thought of hashing them instead?

#3 greygraphics

  • Members
  • 16 posts

Posted 16 June 2016 - 07:11 PM

 SGunner2014, on 16 June 2016 - 03:20 PM, said:

Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure...

#4 Goof

  • Members
  • 751 posts

Posted 16 June 2016 - 07:14 PM

 greygraphics, on 16 June 2016 - 07:11 PM, said:

 SGunner2014, on 16 June 2016 - 03:20 PM, said:

Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure...
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.

#5 greygraphics

  • Members
  • 16 posts

Posted 16 June 2016 - 07:21 PM

 Mikk809h, on 16 June 2016 - 07:14 PM, said:

 greygraphics, on 16 June 2016 - 07:11 PM, said:

 SGunner2014, on 16 June 2016 - 03:20 PM, said:

Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure...
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.

Ok, I will look into that, although I don't have much experience with encrypting text. :)

#6 Blue

  • Members
  • 309 posts
  • LocationGlass/UX/main.lua

Posted 16 June 2016 - 07:26 PM

 Mikk809h, on 16 June 2016 - 07:14 PM, said:

 greygraphics, on 16 June 2016 - 07:11 PM, said:

 SGunner2014, on 16 June 2016 - 03:20 PM, said:

Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure...
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.
But where would you securely store the salt?

#7 Goof

  • Members
  • 751 posts

Posted 16 June 2016 - 07:30 PM

 Blue, on 16 June 2016 - 07:26 PM, said:

 Mikk809h, on 16 June 2016 - 07:14 PM, said:

 greygraphics, on 16 June 2016 - 07:11 PM, said:

 SGunner2014, on 16 June 2016 - 03:20 PM, said:

Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure...
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.
But where would you securely store the salt?
The salt doesn't have to be stored in a secret place.

You can save the hash of the password+salt in the same file, if you want to. (For example with the salt on the 2nd line)

Edited by Mikk809h, 16 June 2016 - 07:45 PM.


#8 Anavrins

  • Members
  • 775 posts

Posted 16 June 2016 - 10:25 PM

The current hash algorithm is not safe at all anyway.
Spoiler
All character is encoded individually, by multiplying with some value, and that value can of course be retrieved by calculating the greatest common divisor of all the numbers.
There is some good hashing algorithms on my profile page that you can use to securely store password, mainly PBKDF2-SHA2.
The salt doesn't need to be secret, but don't simply concatenate it the password, use HMAC-SHA2 or PBKDF2-SHA2 instead.

Edited by Anavrins, 16 June 2016 - 10:46 PM.


#9 greygraphics

  • Members
  • 16 posts

Posted 17 June 2016 - 01:59 PM

 Anavrins, on 16 June 2016 - 10:25 PM, said:

The current hash algorithm is not safe at all anyway.
Spoiler
All character is encoded individually, by multiplying with some value, and that value can of course be retrieved by calculating the greatest common divisor of all the numbers.
There is some good hashing algorithms on my profile page that you can use to securely store password, mainly PBKDF2-SHA2.
The salt doesn't need to be secret, but don't simply concatenate it the password, use HMAC-SHA2 or PBKDF2-SHA2 instead.

Well, thanks. As I mentioned earlier, I do not know much about encoding text.
I will look into it.

Um, and may I ask for an advice? If I take the algorith and make it multiply the numbers like this:
function encode(sInput)
    local encoded = ""
    local value = 0
  
    for i=1,string.len(sInput),1 do
	    value = value+string.byte(string.sub(sInput,i,i))
    end
  
    for i=1,string.len(sInput),1 do
	    encoded = encoded..tostring(string.byte(string.sub(sInput,i,i))*value^i*value)
	    --Actually I don't know how to do this X^n thing correctly
    end

    return encoded
end

Would it be more secure?

Edited by greygraphics, 17 June 2016 - 02:07 PM.


#10 Anavrins

  • Members
  • 775 posts

Posted 28 July 2016 - 05:06 PM

 greygraphics, on 17 June 2016 - 01:59 PM, said:

Um, and may I ask for an advice? If I take the algorith and make it multiply the numbers like this:
...
Would it be more secure?
You learned the answer in grade school, it's trivial to invert multiplication and exponentiation with division and radix.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users