L2JDB: table ACCOUNTS: field PASSWORD
Forum rules
READ NOW: L2j Forums Rules of Conduct
READ NOW: L2j Forums Rules of Conduct
-
- Posts: 7
- Joined: Wed Apr 22, 2009 6:50 am
L2JDB: table ACCOUNTS: field PASSWORD
L2J Revision Number:2939
L2JDP Revision Number:5984
does anybody know wich algorithm(s) is(are) used to encrypt passwords in db?
L2JDP Revision Number:5984
does anybody know wich algorithm(s) is(are) used to encrypt passwords in db?
- janiii
- L2j Veteran
- Posts: 4269
- Joined: Wed May 28, 2008 3:15 pm
- Location: Slovakia
Re: L2JDB: table ACCOUNTS: field PASSWORD
Code: Select all
base64_encode(pack('H*', sha1($pwd)))
DO NOT EVEN TRY TO MESS WITH ME!
forum flOOder dancing dEVILoper ♀
I don't give private support - PM will be ignored!
forum flOOder dancing dEVILoper ♀
I don't give private support - PM will be ignored!
-
- Posts: 7
- Joined: Wed Apr 22, 2009 6:50 am
Re: L2JDB: table ACCOUNTS: field PASSWORD
so... what would the inverse function be for that?... cant find anything about sha1() funcjaniii wrote:Code: Select all
base64_encode(pack('H*', sha1($pwd)))
- Reimu
- Posts: 40
- Joined: Wed Apr 15, 2009 9:56 am
- Location: Rus
Re: L2JDB: table ACCOUNTS: field PASSWORD
Code: Select all
<?phpfunction l2j_encrypt ($pass){ return base64_encode(pack("H*", sha1(utf8_encode($pass))));}?>
- momo61
- Posts: 1648
- Joined: Fri Jun 06, 2008 2:05 pm
- Location: Europe
Re: L2JDB: table ACCOUNTS: field PASSWORD
would be good to know how to see the pw
- Reimu
- Posts: 40
- Joined: Wed Apr 15, 2009 9:56 am
- Location: Rus
Re: L2JDB: table ACCOUNTS: field PASSWORD
To hack sha1 u must compute 2^64 operations ) Over 5 000 000 000 yers of calculations :D
-
- Posts: 7
- Joined: Wed Apr 22, 2009 6:50 am
Re: L2JDB: table ACCOUNTS: field PASSWORD
so by the time it's been hacked would be obsolet...Reimu wrote:To hack sha1 u must compute 2^64 operations ) Over 5 000 000 000 yers of calculations
not imposible ... but worthless to try
-
- Posts: 271
- Joined: Wed Mar 19, 2008 10:16 am
Re: L2JDB: table ACCOUNTS: field PASSWORD
Yes, that's why hashing algorithms are used... They provide a way to check the password but no way to recover it. Same system is used in forums (sometimes SHA, sometimes MD5), that's why you can't recover the password but only change it...
MD5 has been successfully attacked. That don't mean that it has become worthless, attacking it still require lots of computer power, but you can't use it anymore for critical tasks.
By the way, hashing algorithms lose information, which means that several messages may lead to the same digest. The attack agains these algorithms are twofold : creating two messages with the same digest or creating a new message with a given digest. The first problem is easier to solve using the "anniversary attack". In short, take 50 people, you've more than 90% chance that two people have the same anniversary (although there are 365 days in a year). The second problem is more tricky as you've to do more computation before you can get a valid answer.
MD5 has been successfully attacked. That don't mean that it has become worthless, attacking it still require lots of computer power, but you can't use it anymore for critical tasks.
By the way, hashing algorithms lose information, which means that several messages may lead to the same digest. The attack agains these algorithms are twofold : creating two messages with the same digest or creating a new message with a given digest. The first problem is easier to solve using the "anniversary attack". In short, take 50 people, you've more than 90% chance that two people have the same anniversary (although there are 365 days in a year). The second problem is more tricky as you've to do more computation before you can get a valid answer.
- ThePhoenixBird
- L2j Inner Circle
- Posts: 1857
- Joined: Fri May 27, 2005 5:11 pm
Re: L2JDB: table ACCOUNTS: field PASSWORD
You may use a Quantic Computer to try to hack it in 10 mins or so.
- MELERIX
- L2j Veteran
- Posts: 6667
- Joined: Sat Sep 23, 2006 11:31 pm
- Location: Chile
- Contact:
- Reimu
- Posts: 40
- Joined: Wed Apr 15, 2009 9:56 am
- Location: Rus
Re: L2JDB: table ACCOUNTS: field PASSWORD
With dictionary of commonly used stupid user passwords in can take 1 sec or so )
-
- Posts: 8
- Joined: Fri Apr 17, 2009 6:13 pm
Re: L2JDB: table ACCOUNTS: field PASSWORD
You can use unpack() and base64_decode in php to get the raw sha1 hash again though as mentioned before it would take a hell lot of proccessing power to get the plain password again, as you have to check for collisions.
Some years ago sha1 has been broken (http://www.schneier.com/blog/archives/2 ... roken.html). Today it would still take a large budget to calculate the hashes though.
Some years ago sha1 has been broken (http://www.schneier.com/blog/archives/2 ... roken.html). Today it would still take a large budget to calculate the hashes though.