←  Programs

ComputerCraft | Programmable Computers for Minecraft

»

[V4.1 COMING!] LoganDark's Password Lock

LoganDark's Photo LoganDark 07 Mar 2016

LoganDark's Password Lock System
Hello! I have only a few hundred words to please you before you click away, so before you go, let me introduce you to my password lock system. The newest versions (V3 onward) use salting to encrypt the passwords.

What's salting, you ask? Well let me give you the simple version. Salting is a random string added to the end of a password before it gets hashed (encrypted). You need the password and the salt to crack the password, so it is that much more secure. The salt is integrated into the hash itself (not concatenated), so a rainbow table won't work as well as you'd hope...

What makes my system better, you ask? No other system that I know of is this secure. Of course the features are not something to rave about, but the security is unbelievable.

Big changes are written next to the versions in bold. Those changes persist onto newer versions unless otherwise noted. Versions in italics aren't released yet or are no longer available.

Versions:
  • V1 (pastebin run Gs1GRuWD)
  • V2 (pastebin get PdYf5rwy startup) Encrypts multiple times
  • V3 (pastebin get ghasE8KL startup) Uses salting
  • V4 (pastebin get BhPk3z1E startup) ComputerCraft's first pbkdf2 lock :) (credit to Anavrins :D)
  • this password lock is pretty much abandoned by now so i'll just say it right here: don't expect an update
Add-ons:
  • Updater (pastebin get X4nFw8Bg update) (updates to latest version OR installs the latest version)
Please reply leaving feedback! It helps me make future versions!

License
Edited by LoganDark, 02 August 2016 - 07:40 PM.
Quote

LoganDark's Photo LoganDark 16 Mar 2016

Comments below were posted after version 2 of my password lock had been released.

To view comments for the most recent version of my system, click here.
Edited by LoganDark, 17 May 2016 - 08:19 PM.
Quote

LDDestroier's Photo LDDestroier 16 Mar 2016

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.
Quote

LoganDark's Photo LoganDark 17 Mar 2016

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?
Quote

LDDestroier's Photo LDDestroier 17 Mar 2016

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

What are you talking about, too many sleep() calls?

Lines 233, 248, 252. It's kinda annoying waiting two seconds to get to the shell.
Quote

LoganDark's Photo LoganDark 17 Mar 2016

View PostLDDestroier, on 17 March 2016 - 01:56 AM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

What are you talking about, too many sleep() calls?

Lines 233, 248, 252. It's kinda annoying waiting two seconds to get to the shell.

If there were no sleep calls there, the user wouldn't be able to read the text.

Edit: The user might want to know what's going on if they're suddenly asked for the password again.
Edited by LoganDark, 17 March 2016 - 07:32 AM.
Quote

Creator's Photo Creator 17 Mar 2016

Better tell the user to press a key.
Quote

LoganDark's Photo LoganDark 17 Mar 2016

View PostCreator, on 17 March 2016 - 11:22 AM, said:

Better tell the user to press a key.

Like "press any key to continue"?
Quote

ry00000's Photo ry00000 17 Mar 2016

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.
Quote

ebernerd's Photo ebernerd 17 Mar 2016

View PostLoganDark, on 17 March 2016 - 06:57 PM, said:

View PostCreator, on 17 March 2016 - 11:22 AM, said:

Better tell the user to press a key.

Like "press any key to continue"?

Yeah, it's quite easy.

<code here>
print("Press any key to continue")
sleep(0.2)--make sure any key press from the state before is up
os.pullEventRaw( "key_up" )
<mode code here>
Quote

LoganDark's Photo LoganDark 17 Mar 2016

View PostMinecrosoft, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 06:57 PM, said:

View PostCreator, on 17 March 2016 - 11:22 AM, said:

Better tell the user to press a key.

Like "press any key to continue"?

Yeah, it's quite easy.

<code here>
print("Press any key to continue")
sleep(0.2)--make sure any key press from the state before is up
os.pullEventRaw( "key_up" )
<mode code here>

Uhh, I'm not dumb.
Thanks for your help, but I don't need help unless I ask for it.

View Postry00000, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

What makes you think I really care?
Quote

Anavrins's Photo Anavrins 18 Mar 2016

View Postry00000, on 17 March 2016 - 07:00 PM, said:

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.
Again with these claims.
Your system is called Google, and it doesn't work with all passwords... otherwise...
Spoiler

Edited by Anavrins, 18 March 2016 - 01:56 AM.
Quote

moTechPlz's Photo moTechPlz 21 Mar 2016

Hi, about the sleep thing, you could do both. Use a timer to wait 2 or 3 seconds or skip when the 'anykey' is pressed.
Quote

apemanzilla's Photo apemanzilla 21 Mar 2016

View Postry00000, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

Crack this. Unsalted SHA256 hash. 9 characters, lowercase a-z and numbers only.
3cc5ac3f7e28a9f177e63827899fd3d7d3d96d006ee5f5c86fbbb4ccfc9e1aa3

Edited by apemanzilla, 21 March 2016 - 04:58 PM.
Quote

Creator's Photo Creator 21 Mar 2016

View Postapemanzilla, on 21 March 2016 - 04:56 PM, said:

View Postry00000, on 17 March 2016 - 07:00 PM, said:

View PostLoganDark, on 17 March 2016 - 12:58 AM, said:

View PostLDDestroier, on 16 March 2016 - 07:56 PM, said:

Ohh, it uses SHA256! Good LoganDark! I should go change my encrypted lock to use that instead.
Although, IMO it uses too many sleep() calls, and it DOES look a bit too basic for my taste. But it gets the job done, and is indeed much harder to brute-force than your previous one.

Although, brute-forcing would not be hard outside of ComputerCraft, on a real machine, possibly running brute-force as it's OS (lol), with real-world hashing with real good speed.


What are you talking about, too many sleep() calls?

Yanno, I have a system that can crack a non-salted SHA in about 5 seconds.

Crack this. Unsalted SHA256 hash. 9 characters, lowercase a-z and numbers only.
3cc5ac3f7e28a9f177e63827899fd3d7d3d96d006ee5f5c86fbbb4ccfc9e1aa3

Nowhere to be found on the internetz.
Quote

ry00000's Photo ry00000 21 Mar 2016

Well, let's fire up Hashcat and see what this baby can really do.

EDIT: Not big enough dictionary. (Yes I'm using a dict attack.)
Edited by ry00000, 21 March 2016 - 05:41 PM.
Quote

ry00000's Photo ry00000 21 Mar 2016

Note that this is the same PC I mine Krist on.
Quote

Creator's Photo Creator 21 Mar 2016

There is no way the dictionary is big enough. There are 2^256 ( 1.15 * 10^77 ) possible sha256 hashes, and there are only around 10^81 atoms in the universe, so no way the dictionary is big enough.
Quote

Anavrins's Photo Anavrins 21 Mar 2016

View Postry00000, on 21 March 2016 - 05:37 PM, said:

Well, let's fire up Hashcat and see what this baby can really do.

EDIT: Not big enough dictionary. (Yes I'm using a dict attack.)
Maybe go with bruteforce and you can get back to us in a year.
Posted Image
That's around 6.307 millions times more than what you claimed.
Edited by Anavrins, 21 March 2016 - 08:20 PM.
Quote

apemanzilla's Photo apemanzilla 21 Mar 2016

View Postry00000, on 21 March 2016 - 05:37 PM, said:

Well, let's fire up Hashcat and see what this baby can really do.

EDIT: Not big enough dictionary. (Yes I'm using a dict attack.)

View Postry00000, on 21 March 2016 - 05:44 PM, said:

Note that this is the same PC I mine Krist on.

So much for cracking it in under five seconds.
Quote