Bitcoin Forum
Topic: [IDEA] hashing badge
gweedo
July 15, 2012, 07:51:57 PM
 #1

I was watching a video and the host was talking about how websites should have badges to tell what they use to hash the password with, like "bcrypt", "SHA-1", "md5", and if they use a salt. I think bitcoins could greatly use this; I am going to put it on my new bitcoin-related site. Just wanted to see people's thoughts on this.

BTW: if someone wants to make a site with an API that can detect the hashing function used and if the salt is good enough, anyone can take that idea.

Nachtwind
July 15, 2012, 10:14:14 PM
 #2

I personally don't like the idea: why give a hint about what kind of password there is in the password dump some kiddy just ripped? ;)
DeathAndTaxes
July 15, 2012, 10:23:46 PM
 #3

Because in strong cryptography the algorithm should never be considered a secret.  The secret is the secret and it doesn't matter if the attacker knows everything else.  One should assume the attacker already knows everything but the secret.

A smart hacker can easily determine the algorithm anyways.  Simply locate a known account from the password dump. You have the plaintext & the hash.  Determining the algorithm is trivial.

For example, our site uses bcrypt (workload 10) with a random 128-bit per-record salt.

Here is an example password hash (bcrypt includes salt and algorithm version in the hash output)
Quote
$2a$10$X2/v9/FO2.0DIE0dVkT6x.LvyrWPZv/.Tpf/O8Q67ufthCNdYx7LO

You have the algorithm and the salt; everything you need to crack the password. 

Still you will NEVER (not today, not before the sun burns out) brute force that password.  Hell if you do I'll pay you $1,000.
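
Added example (not part of the original post, and not any site's own code): a Python sketch that splits the hash string quoted in post #3 into the version, cost and salt it embeds. It goes slightly beyond the post by also labelling bare hex digests by length, in the spirit of the detection idea in post #1. The function and key names are hypothetical.

```python
import re

# bcrypt uses its own base64 alphabet (ordering differs from RFC 4648).
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$([0-9]{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
# A bare hex digest carries no algorithm tag; only its length hints at the function.
HEX_LENGTHS = {32: "MD5-length", 40: "SHA-1-length", 64: "SHA-256-length"}
PAGE_HASH = "$2a$10$X2/v9/FO2.0DIE0dVkT6x.LvyrWPZv/.Tpf/O8Q67ufthCNdYx7LO"  # from post #3


def b64_decode(text):
    """Decode bcrypt base64 (no padding); leftover trailing bits are dropped."""
    bits = nbits = 0
    out = bytearray()
    for ch in text:
        bits = (bits << 6) | B64.index(ch)
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
    return bytes(out)


def describe(stored):
    """Report what a stored password string reveals about how it was hashed."""
    m = BCRYPT_RE.fullmatch(stored)
    if m:
        version, cost, salt, digest = m.groups()
        salt_bytes = b64_decode(salt)
        return {
            "scheme": "bcrypt",
            "version": version,
            "cost": int(cost),
            "iterations": 2 ** int(cost),  # cost is log2 of the key-setup rounds
            "salt_hex": salt_bytes.hex(),
            "salt_bits": len(salt_bytes) * 8,
            "digest_chars": len(digest),
        }
    if re.fullmatch(r"[0-9a-fA-F]+", stored) and len(stored) in HEX_LENGTHS:
        return {"scheme": HEX_LENGTHS[len(stored)] + " hex digest",
                "embedded_salt": False}
    return {"scheme": "unknown"}


if __name__ == "__main__":
    print(describe(PAGE_HASH))
    print(describe("d41d8cd98f00b204e9800998ecf8427e"))  # constructed 32-hex sample
```

Everything reported for the bcrypt string comes from the stored value itself, which is the post's point: the format is public, and the protection comes from the cost factor and the secrecy of the password.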


gweedo
July 15, 2012, 10:34:09 PM
 #4

Quote from: Nachtwind
I personally don't like the idea: why give a hint about what kind of password there is in the password dump some kiddy just ripped? ;)

As DeathAndTaxes explained, the bread and butter of strong cryptography is the algorithm along with salt, and of course with bcrypt you wouldn't have enough computing power to crack all the hashes in his password database.

I think this could be a great idea for the bitcoin community, as we always wonder what a site uses to hold our passwords safe.

Nachtwind
July 15, 2012, 11:19:34 PM
 #5

...I meant to make a humorous comment ><