Bitcoin Forum
Topic: Password hasher and encrypter, keep your Bitcoins safe!
matt_boyd (OP)
April 20, 2013, 02:56:00 PM
 #1

Hey Bitcointalk,

Contextual information:

So basically I got into bitcoins maybe two or so months ago and have been interested ever since. Due to the surge in traffic to Bitcoins, people were getting their accounts hacked due to not having very safe passwords.

At this moment in time I am trying to get into programming and so for my first project I decided to make a password hasher, that seems to work fine and is on Github: https://github.com/matt-boyd/password_hasher. Then someone pointed out to me that I should put encryption onto the hashed password and so I implemented this feature today. Here is the repository for the project: https://github.com/matt-boyd/hasher_and_encrypter. I hope that this can come in useful and you can inspect the code in the "hashing.py" file.

Thanks for reading, Matt.

NB
Due to this project being open-source, if you feel like donating, here is my bitcoin wallet: 169iA76RmnatFXmEthT6AEehxMQ9X1ro3L

Remember remember the 5th of November
April 20, 2013, 03:13:32 PM
 #2

And again Python...tbh I am rather tired of Bitcoiners constantly writing stuff in Python.

inb4 then don't use it. But it's true imho.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
matt_boyd (OP)
April 20, 2013, 03:16:35 PM
 #3

Sorry about that, my reasoning would be that I am relatively new to the whole "programming" thing and Python was nice to start with...

Would you prefer that I wrote it in another language? If so tell me and I shall try my best! :)
deepceleron
April 20, 2013, 03:28:58 PM
 #4

I'm trying to understand how you expect people to use this. You say:

Quote
So basically I got into bitcoins maybe two or so months ago and have been interested ever since. Due to the surge in traffic to Bitcoins, people were getting their accounts hacked due to not having very safe passwords.

I counter that people are more likely to have their passwords or bitcoins stolen by running arbitrary code posted on the forum by noobs as their first post out of newbie jail, or especially .exe's claiming to be made from that code but which can't be replicated.

Hashing doesn't make a password or the resulting hash any more secure, and you certainly can't memorize a hash result. You can calculate a hash using Javascript in your web browser if you desired to do so.

Where is the encryption? You don't seem to know that cryptographic hashes are not encryption.
All I see is exes and dlls and no python.
matt_boyd (OP)
April 20, 2013, 03:34:01 PM
 #5

Right so,
Quote
especially .exe's claiming to be made from that code but which can't be replicated.


Feel free to take the code from hashing.py and the code from setup.py and run it using the py2exe module and make sure you have all the other modules in there, you will see that the code replicates perfectly.

Quote
Hashing doesn't make a password or the resulting hash any more secure

Yes, I know, that is why there is a new one that has encryption with it. The hashing is more to prevent against easy brute-forcing attacks, which seem to be quite common in the Bitcoin community.

Hope that helps out a little more,


Matt.
deepceleron
April 20, 2013, 03:50:37 PM
 #6

No .py here: https://github.com/matt-boyd/hasher_and_encrypter

What's being encrypted? What encryption algorithm is being used? etc? Hash algorithms are used as a way to non-reversibly store passwords, they are what is brute-forced when a site has their password list stolen.

I suggest you look at KeePass, http://keepass.info/features.html, which actually does create and store securely random passwords.
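
Added example (not from the thread or the linked repositories): the hash-as-stored-verifier point raised in the post above, using only Python's standard library. A bare SHA-256 is deterministic and fast, while a salted PBKDF2 record differs per user and is checked in constant time; the iteration count, record layout and sample password are assumptions of this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SALT_BYTES = 16


def fast_hash(password: str) -> str:
    """A bare hash: same input always gives the same cheap-to-compute output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Build a storable verifier: random salt plus a deliberately slow KDF."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2_sha256", "iterations": iterations,
            "salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    pw = "hunter2"  # constructed sample of a weak password
    a, b = store_password(pw), store_password(pw)
    return {
        # Two users with the same password share one bare hash.
        "fast_hash_repeats": fast_hash(pw) == fast_hash(pw),
        # With per-record salts the stored values no longer match.
        "salted_records_differ": a["hash"] != b["hash"],
        "correct_verifies": verify_password(pw, a),
        "wrong_rejected": not verify_password("hunter3", a),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Neither form adds entropy to a weak password; the salt and work factor only raise the cost of each guess against a stolen record.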

matt_boyd (OP)
April 20, 2013, 04:08:51 PM
 #7

Wow, sorry about that, didn't even see that I hadn't uploaded them, here is the link.

https://github.com/matt-boyd/hasher_and_encrypter
mr-sk
April 20, 2013, 11:55:33 PM
 #8

Still can't trust the source and the compiled binaries are 1:1 ... would have to compile and then check that the binaries match before I would run your stuff ... not sure novice programmers should do anything related to encryption, IMO.

If you really want to get into encryption, read, re-read and fully understand: http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099

Again, novice (and experienced) programmers should NOT try to RELEASE encryption related ANYTHING. Too many mistakes have been made ... just look at the recent cryptocat debacle: http://paranoia.dubfire.net/2012/07/tech-journalists-stop-hyping-unproven.html

... http://diovo.com/2009/02/wrote-your-own-encryption-algorithm-duh/ .. so many to read ....

grue
April 21, 2013, 12:17:21 AM
 #9

What's the point of this when you can use keepass? Better yet, why use this script when you can use shasum?

It is pitch black. You are likely to be eaten by a grue.
