Saturday, September 19, 2009

....salty ):

so if we store user passwords as a straight hash of the password in the user database, and said database is somehow compromised, an attacker could make use of rainbow tables to find the password. If we salt the password before storing, like:

SHA-1(uppercase(username)+password)

then that makes for a stronger hash, but then an attacker might know this and will adjust his attacks to include passwords prefixed with some other field (if it's that important to him)

i spose what we can do is store passwords like this:

un=uppercase(username)

split un into x parts, depending on length : u1,u2...ux
split password into x parts: p1,p2....px

then we can store passwords like this:

SHA-1(u1,px,u2,px-1.....p1,ux)

or something slick like that, i dunno. the kool thing is that if the attacker even finds the reverse of the hash, and knows the username and tries to remove it from the string, the password is still mixed up!
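
An added example (not code from the original post) that implements the interleaving described above and sets it beside a per-user random salt with PBKDF2 from Python's standard library. It shows that the interleaved string is a fixed function of username and password, so the same pair always produces the same stored hash, while a random salt produces a different record each time. Assumptions: x is a fixed parameter, the parts are contiguous and as even as possible, the sequence alternates strictly and ends ux,p1, and the function names and sample credentials are constructed.

```python
import hashlib
import hmac
import os

def split_parts(s, x):
    """Split s into x contiguous parts, as even as possible (assumed rule)."""
    q, r = divmod(len(s), x)
    parts, i = [], 0
    for k in range(x):
        n = q + (1 if k < r else 0)
        parts.append(s[i:i + n])
        i += n
    return parts

def interleave(username, password, x=3):
    """u1,px,u2,px-1,...,ux,p1 with un = uppercase(username)."""
    u = split_parts(username.upper(), x)
    p = split_parts(password, x)
    return "".join(u[i] + p[x - 1 - i] for i in range(x))

def mixed_sha1(username, password, x=3):
    """The post's stored value: SHA-1 over the interleaved string."""
    return hashlib.sha1(interleave(username, password, x).encode()).hexdigest()

def kdf_record(password, iterations=200_000):
    """Random 16-byte salt per record plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def kdf_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)

if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    print(interleave("alice", "secret1"))
    print(mixed_sha1("alice", "secret1") == mixed_sha1("ALICE", "secret1"))
    a, b = kdf_record("secret1"), kdf_record("secret1")
    print(a[2] != b[2], kdf_verify("secret1", a), kdf_verify("secret2", a))
```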

Saturday, June 27, 2009

adventure!

The first thing I did was open up notepad, and entered the following test text:
i've created
a text file!

Next, I saved this as file.txt, then went to the command line, typed in 'debug file.txt' and did this:
-d
1794:0100 69 27 76 65 20 63 72 65-61 74 65 64 0D 0A 20 61 i've created.. a
1794:0110 20 74 65 78 74 20 66 69-6C 65 21 0D 0A 00 83 17 text file!.....
1794:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-e110
1794:0110 20.00 74.83 65.17
-rcx
CX 001D
:010
-rcx
CX 0010
:
-w
Writing 00010 bytes
-q


Then when I open file with notepad, the contents are:

i've created
a

so then:

I delete all the contents of file.txt, the size reads as 0 KB

Then:

-d
1794:0100 69 27 76 65 20 63 72 65-61 74 65 64 0D 0A 20 61 i've created.. a
1794:0110 00 83 17 78 74 20 66 69-6C 65 21 0D 34 00 83 17 ...xt file!.4...
1794:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1794:0170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

0_o ….. hey all that data is still there, and where did that 4 come from?

-rcx
CX 0000
:

So then I do this:
-rcx
CX 0000
:01f
-w
Writing 0001f bytes
-

Then when I open the file in notepad, I get this:
i've created
a ƒxt file!
4 ƒ

so then I tried:
-rcx
CX 001F
:11
-w
Writing 00011 bytes

Which gave me this:
i've created
a

to be continued!…..