For a lecture I have to decrypt a hash...but in the exercise no hint was given at all.
The only information that was supplied is this:
user;pass
leroy;06e2b745f3124f7d670f78eabaa94809
I should decrypt the passphrase and describe how such a task is done but unfortunately I have no idea how to approach this problem.
My first ideas where that it is "leroy" or "jenkins" (or something like "jenkinS") in md5 or something so I simply tried to guess the passphrase but I had no luck.
Could you give me a hint on how to approch such a problem?
That is an MD5 hash, look into rainbow tables and searching online will easily get you the original value of that hash.
Related
I have a .aes file whose decryption password I thought I knew but which does not yield the decrypted version of the file.
I am 99.9% certain that the password I have (and which, in fact, I had written down and safely stored) is correct. The problem is that the .aes file was generated by a well-known open-source Bitcoin wallet software known as MultiBit which simply stopped working sometime in 2017, with many other users reporting similar problems.
I am told that Multibit may have incorrectly rendered some non alphanumeric characters of my password to whatever internal function it was using to generate the encrypted file. That means in practice that I could potentially crack my .aes file if I cycle through the permutations represented by the question marks in a password string that looks something like this:
i-AM-a-PASS?RD-with-3-UNKN?WN-charact?rs
So I guess my question is: is anyone aware of a regex-based brute-force approach that could be used for cracking .aes encryption passwords? The regex itself may need to employ both ? and * characters.
The amount of Bitcoin in the wallet was absolutely trivial, but with Musk's recent tweets sending Bitcoin to new highs I'm thinking I could buy a spanking new laptop if I can crack this.
Any suggestions most welcome.
Thanks,
I'm using libsodium to encrypt files with xchacha20poly1305 construct. I got everything working correctly by following documentation (https://download.libsodium.org/doc/secret-key_cryptography/secretstream.html) but now I'm wondering about the role of header data.
crypto_secretstream_xchacha20poly1305_init_pull requires the header from crypto_secretstream_xchacha20poly1305_state that was used when the data was encrypted so how should I treat the header data? Is it same as AES' iv/nonce that it needs and can be to be distributed with the encrypted data as-is or is it secret like the key?
I realize this is most likely a newbie question but since I'm obviously not a crypto expect, I want to make sure I use libsodium and the construct right.
Thanks!
That's a pretty old question, but since it was still waiting for an answer, here it is.
The header is indeed a nonce. It doesn't have to be secret. But it is required so that if the same stream is encrypted twice, both ciphertexts will look completely different.
Edit: The code snippet contains GUID's and was never encrypted in the first place. Also, sorry for being stupid.
I am trying to figure out how to decrypt one line of code and has the following pattern:
c1fb1fc0-df8e-46ff-9f54-20d990f7bc0f
ce0d48e7-fb20-46eb-b9c9-4a05775031b3
8bfb481b-be0d-4079-9b12-7b2dd491ed3b
ae267429-f23a-4d0c-a00f-54e44416a016
3c3eff29-fc43-4da2-8a54-fbd9b5aa7874
2dc7108d-a4dd-4530-ac7d-deb175011dd0
Always one line with an 8-4-4-4-12 pattern of case-sensitive alpha numeric values. What cipher is used to encrypt this output?
I've been staring at this problem for far too long and a fresh pair of eyes would help.
These look like GUIDs and they aren't decryptable to anything.
So im trying to use a plugin called NSISCrypt for a NSIS Installer, Im wanting to obfuscate a register password.
So there are some easy Base64 encryption and decryption. So I thought HEY! great....
http://nsis.sourceforge.net/NsisCrypt_plug-in (He is the Readme for it)
Problem is Im not really sure what the Base64 iv is.....i've googled base64 iv and have come up with nothing.
Im not expert at encryption, however I understand what a Preshared Key is of course.....but what would a BaseIV be?
An initialization vector is a non secret, typically unique or random, generated data to help make encryption non deterministic when the same key is used. The docs there are just saying the IV needs to be base64 encoded.
so I want to generate some cached html files and I want to use some sort of encryption when naming them so they can't be easily accessed. Md5/Sha1,2 might be good alternatives but
I want something light something that would generate a string lets say 12 bytes long (just saying).
Is there anything similiar, available in php?
Thank you.
For obscurity through security purposes I would just use base64 or a simple random number based on seed, or a simple date maybe.
The thing is I don't see any cause for not using md5 as a performance hitter, though you can try crc32() which is basically a checksum calculator. If you insist on having anything else but sha1/md5 - you can also see this list here: http://www.php.net/manual/en/function.hash-algos.php and use the hash() function.
You can use uuid http://php.net/manual/en/function.uniqid.php to generate a unique name, but if you need to be able to reproduce the obfuscated name then your best bet is md5, speed shouldn't be an issue or whatever you refer to with "lightweight".
For something simple, but low security, have a look at the appropriate sized FNV hash. Once you have your hash as bytes, convert it to Base64 or whatever, as you wish.