base64 for an easy & strong encrypted key-pass.
Hi,
What do you think about using encoding base64 as a password key for encrypting?
It gives you a resulting encoded word which contains numeric + lower/capital letters. To prevent hacking this method, it occurs to me to add some two dots characters intercalated in a fixed position. It seems a good way to get unbreakable encoded passwords with very easy key words.
example.
1. - Key = umbrella >> base64(umbrella)= dW1icmVsbGE=
2. We apply a little bit of stenography to the resulting base64 word:
i.e. We add some two recordable complex ASCII characters in a known position to break any hacker base64 technique they used in the decoding process.
dW1icmVsbGE= >> d€W1icmVsbGE€= (In this case we added € in second and penultimate position)
final result: umbrella == d€W1icmVsbGE€=
So, I expect some opinions here.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
Re: base64 for an easy & strong encrypted key-pass.
bester69 wrote: So, I expect some opinions here.

what seems difficult to hack for humans, is easy for machines.
your "recipe" follows a simple set of rules:
- translate a dictionary word with base64
- add a single character to it twice
there's about a thousand ways to go about this, most of them better.
Re: base64 for an easy & strong encrypted key-pass.
debiman wrote:
bester69 wrote: So, I expect some opinions here.
what seems difficult to hack for humans, is easy for machines.
your "recipe" follows a simple set of rules:
- translate a dictionary word with base64
- add a single character to it twice
number 2 is clearly making it a little harder to crack, but still... you could've just as well used u€mbrell€a.
there's about a thousand ways to go about this, most of them better.

Hi debiman, thanks for answering
They seem simple rules, but I don't see any weakness in them; with base64 we're getting a very strong word to break (base64 alphanumeric). Adding some interleaved ASCII characters prevents a hacker trying base64 inverse decoding by brute force/library book.
What you're proposing (u€mbrell€a) is a weaker word because you're using only lowercase alpha characters plus two interleaved ASCII characters. And I guess tools for hacking follow ordering rules in decoding, starting with lowercase characters, following with other ASCII combinations; I guess that word would be relatively quickly broken. It might take a few hours/minutes with a relatively new processor. You're only using a lowercase character set (base26) plus two common ASCII characters; a decoding set similar to this would break that code in minutes/hours: 'a-z.,€$@&%!;:'
That's why they recommend you use LowerCharacters + UpperCharacters + Numbers + FewStrangeAscii, because this forces them to use the full ASCII set for decoding (ASCII is base95), which with just a 5-character word might take months/years with a powerful CPU.
I think what I'm proposing follows the rules of an unbreakable password, but furthermore has the advantage that you can remember the complex password by using those two rule steps you wrote down (removing intercalated characters + decoding base64). So we can use simple words like: dog, yellow, monday, 1980 in order to generate unbreakable and unforgettable passwords.
Last edited by bester69 on 2018-08-22 05:32, edited 1 time in total.
Re: base64 for an easy & strong encrypted key-pass.
debiman wrote: ..there's about a thousand ways to go about this, most of them better.

The idea is to get a complex unbreakable password you can always and easily remember/decode
Example:
1980 == U.s7snhj.2=
You can't remember U.s7snhj.2=, but you can 1980
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: base64 for an easy & strong encrypted key-pass.
Head_on_a_Stick wrote: https://xkcd.com/936/

(suppressive attitude personality goes on) Organic Portal?
Re: base64 for an easy & strong encrypted key-pass.
This mainly relies on lack of awareness of the attacker. Offline brute force attack can counter this by applying the same principle on all guesses the cracker software makes. I.e. base64(guess) + additional characters to predefined positions, then compare the hashed result to stolen hash. It doesn't matter that the end-result is more complex than the input, since the process is 100% reversible with adequate information. And that information can often be obtained by other means. Relying on the fact that attacker does not know about base64, selected "salt characters" or placement of them is security through obscurity.
It might provide some resilience against rainbow tables, as there are fewer tables containing hashes for longer passwords. It might initially buy you some time, but it doesn't take long to write a script for JohnTheRipper or other tools to make this almost completely useless. Worst case scenario, this will make the cracker's life even easier since users trusting this are likely to use even crappier passwords. Leading effectively to increased efficiency of dictionary attacks.
Cryptography is hard and I'm by no means an authority on the issue. However, using encoding in place of cryptographic function in this kind of scenario is like pulling on two pairs of socks and claiming you're only wearing one.
Debian 12 Stable with sway
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
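The point kopper makes above, as an added Python example that is not part of any post in this thread: the recipe is deterministic and fully reversible, so a password audit that knows the recipe recovers the dictionary word, and the guessing cost stays close to that of the word itself. The function names, the constructed word list, and the assumed dictionary size, filler count and placement count are illustrative assumptions.

```python
import base64
import math
from typing import Optional

FILLER = "€"  # filler character used in the thread's example

def obscure(word: str, filler: str = FILLER) -> str:
    """Thread's recipe: base64 the word, then insert the filler at the
    second and the penultimate position."""
    b64 = base64.b64encode(word.encode("utf-8")).decode("ascii")
    step = b64[:1] + filler + b64[1:]
    return step[:-1] + filler + step[-1:]

def recover(password: str, filler: str = FILLER) -> Optional[str]:
    """Invert the recipe; None if the input does not have its shape."""
    if len(password) < 6 or password[1] != filler or password[-2] != filler:
        return None
    b64 = password[0] + password[2:-2] + password[-1]
    try:
        return base64.b64decode(b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def derived_from_wordlist(password: str, wordlist: set) -> Optional[str]:
    """Password-audit check: report the dictionary word a password was
    built from with the recipe, if any."""
    word = recover(password)
    return word if word in wordlist else None

def bits_known_recipe(words: int, fillers: int = 1, placements: int = 1) -> float:
    """Guessing cost in bits when the recipe is known: one candidate per
    (word, filler character, placement) combination."""
    return math.log2(words * fillers * placements)

def bits_random(length: int, alphabet: int = 95) -> float:
    """Guessing cost in bits of a uniformly random printable-ASCII string."""
    return length * math.log2(alphabet)

# Constructed sample data (assumptions, not taken from the thread).
WORDLIST = {"dog", "yellow", "monday", "1980", "umbrella"}
ASSUMED_DICTIONARY_SIZE = 100_000  # words an audit tool might try
ASSUMED_FILLERS = 33               # candidate filler symbols
ASSUMED_PLACEMENTS = 78            # 2 of the 13 gaps in a 12-char string

if __name__ == "__main__":
    pw = obscure("umbrella")
    print(pw, "->", derived_from_wordlist(pw, WORDLIST))
    print("recipe, filler and slots known:   %.1f bits"
          % bits_known_recipe(ASSUMED_DICTIONARY_SIZE))
    print("recipe, filler and slots unknown: %.1f bits"
          % bits_known_recipe(ASSUMED_DICTIONARY_SIZE,
                              ASSUMED_FILLERS, ASSUMED_PLACEMENTS))
    print("%d random printable characters:   %.1f bits"
          % (len(pw), bits_random(len(pw))))
```

Even when the filler character and both positions are treated as unknown, the recipe stays below 30 bits under these assumptions, while a random string of the same 14-character length is above 90.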
Re: base64 for an easy & strong encrypted key-pass.
bester69 wrote: [...] You can't remember U.s7snhj.2=, but you can 1980

What do you mean you can't remember U.s7snhj.2=. It is only 11 digits! And not that complicated.
Now these might be a little hard to memorize:
+']_.+#;>!]&)~;$'(]=&>*@(
GYUAFFSJKPWXMDKFMHSBKBQAZ
dqbJ^yFM'sQ*d=Q-Wy.rXt,uo
hqnyq,^/dnq&god)`ut*-*}pj
76DA77QHE6AVJAPCBR9BK3HHU
Re: base64 for an easy & strong encrypted key-pass.
kopper wrote: ....
It might provide some resilience against rainbow tables, as there are fewer tables containing hashes for longer passwords. It might initially buy you some time, but it doesn't take long to write a script for JohnTheRipper or other tools to make this almost completely useless
.....

ok, do you really think most of attackers are considering this: "I.e. base64(guess) + additional characters to predefined positions", do you think they will use a matching decoding algorithm?.. That's supposing too much in my opinion.. this sounds to me similar to "linux do have viruses" (but none has ever met them..)
ok, You're kind of right, it seems a fair weakness though a very improbable scenario in my opinion; I would bet this scenario is very unlikely to happen for casual hackers, I really don't see it happening.
Anyways, I suppose we might add an additional security obscurity layer, that would make it a "perfect procedure" against any contemplated/guessed scenario by any hacker.
For example: we might use as well (two characters interleaved in the source encoding word, as well), that would break any possibility of a matching procedure algorithm by trying a reverse base64 decoding dictionary; it would fail.
Example:
umbrella >> u$mbrell$a >> (base64) >> Asnajh54n= >> A$snajh54n$=
THIS DOES SEEM QUITE IMPROBABLE IMPOSSIBLE HACKING. I'm wondering myself how many algorithms in the world can break that example word..
Anyway, this procedure is perfect for cloud services, as all of them lock the account after a few failed attempts. See!! In this scenario, this method is great
regards.
Last edited by bester69 on 2018-08-22 13:14, edited 15 times in total.
- sunrat
- Administrator
- Posts: 6494
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 118 times
- Been thanked: 476 times
Re: base64 for an easy & strong encrypted key-pass.
Head_on_a_Stick wrote: https://xkcd.com/936/

Damn, I better change my pass word.
JK, I was thinking to post that same link after reading OP.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Re: base64 for an easy & strong encrypted key-pass.
bester69 wrote: ok, do you really think most of attackers are considering this [retracted] That's supposing too much in my opinion.

Not initially of course, but eventually that would become public knowledge given enough time. If you're implementing this as part of an open-source project, it is public as soon as the project goes live. Even if it's proprietary, it will be found as a vulnerability soon enough. Don't underestimate people's interest in "new unbreakable passwords". At least that claim will get everyone to try and break it, when it comes to the security industry. For reference, you might be interested to take a look at how it worked for John McAfee when he said his Bitfi wallet was "unhackable".
Security through obscurity in defense isn't really anything you should aim for. Security should not be affected by the fact that a potential adversary knows the used algorithms inside out. On the offensive field, obscurity has more use cases in operational security, like remaining undetected until you achieve what you want. I.e. you acknowledge that you're operating on a limited time window.

bester69 wrote: For example: we might use as well

To counter it, just write a longer script for the cracker software. You can't achieve anything new by iterating between encoding and adding characters.

bester69 wrote: Anyway, this procedure is perfect for cloud services, as all of them lock the account after a few failed attempts. See!! In this scenario, this method is great

That already works quite fine for normal passwords. Anyone who's not a bot or an idiot wouldn't try to brute force a live web application / cloud service with such restrictions.
Re: base64 for an easy & strong encrypted key-pass.
bester69 wrote: [...]ok, do you really think most of attackers are considering this: "I.e. base64(guess) + additional characters to predefined positions", do you think they will use a matching decoding algorithm?.. That's supposing too much in my opinion.. this sounds to me similar to "linux do have viruses" (but none has ever met them..)[...]

Yeah, that gives your argument lots of credibility!
I guess you think it is impossible to write a virus for Linux.
PS: This is an example of what I consider to be a good password:
^]\`KPRE~`FL\D/&>[__ZT]S\.J~*K#R;GJMFE}GC`_$$~/E'{
Re: base64 for an easy & strong encrypted key-pass.
RU55EL wrote:
bester69 wrote: [...]ok, do you really think most of attackers are considering this: "I.e. base64(guess) + additional characters to predefined positions", do you think they will use a matching decoding algorithm?.. That's supposing too much in my opinion.. this sounds to me similar to "linux do have viruses" (but none has ever met them..)[...]
Yeah, that gives your argument lots of credibility!
I guess you think it is impossible to write a virus for Linux.
PS: This is an example of what I consider to be a good password:
^]\`KPRE~`FL\D/&>[__ZT]S\.J~*K#R;GJMFE}GC`_$$~/E'{

You just need >= 8 ASCII (base 95 characters).. what the hell are you doing man?? You wouldn't break that even with a quantum computer
See this little ASCII 9 characters:
/yjH.23dZ
Would take around 1300 years according to this calculator (2015 cpu computer): https://www.betterbuys.com/estimating-p ... ing-times/
Would take around 7 years according to this calculator: https://random-ize.com/how-long-to-hack-pass/
Re: base64 for an easy & strong encrypted key-pass.
bester69 wrote:
You just need >= 8 ASCII (base 95 characters).. what the hell are you doing man?? You wouldn't break that even with a quantum computer
See this little ASCII 9 characters:
/yjH.23dZ
Would take around 1300 years according to this calculator (2015 cpu computer): https://www.betterbuys.com/estimating-p ... ing-times/
Would take around 7 years according to this calculator: https://random-ize.com/how-long-to-hack-pass/

Try checking at How secure is my password. Estimate for your password "/yjH.23dZ":
It would take a computer about 1 month to crack your password
Estimate for "^]\`KPRE~`FL\D/&>[__ZT]S\.J~*K#R;GJMFE}GC`_$$~/E'{":
It would take a computer about 830 quattuorvigintillion years to crack your password
I usually check the password size limit (for where it is used) and use that for the size of the password. You can never be too sure.
PS: The password size limit here at forums.debian.net is 30 digits. Do you think you can guess my password?
PPS: How big is a quattuorvigintillion?
- Head_on_a_Stick
Re: base64 for an easy & strong encrypted key-pass.
RU55EL wrote: https://howsecureismypassword.net/

Nice site!
Apparently, the password "howsecureismypassword" would take 410 billion years to crack and it's really easy to remember — there's a lesson there for us all, I think
deadbang
Re: base64 for an easy & strong encrypted key-pass.
Head_on_a_Stick wrote:
RU55EL wrote: https://howsecureismypassword.net/
Nice site!
Apparently, the password "howsecureismypassword" would take 410 billion years to crack and it's really easy to remember — there's a lesson there for us all, I think

It is even better at https://www.betterbuys.com/estimating-p ... ing-times/
results for "howsecureismypassword":
∞ INFINITI
Yep, you can't take those password checkers too seriously. We have brains, it's good to use them every so often...
Re: base64 for an easy & strong encrypted key-pass.
debiman wrote: what seems difficult to hack for humans, is easy for machines.

i don't know why this is so difficult to understand?
base64 encoding looks tricky to human eyes, but is a simple standard mechanism available on all computers. a good (*) password cracking program should take these into account.
the fashionable "leet" = "1337" replacements are an even more blatant example.
beside plain dictionary words, the above website does not take any of this into account.
fwiw, i'm not using dictionary words anymore. I use only random passwords, as long as possible (40 characters - but not all login services allow such length).
My password manager is secured with 2-factor authentication.
The password part is a gibberish word that is pronounceable enough to remember it, plus some extra chars.
(*) i'm playing devil's advocate here
Re: base64 for an easy & strong encrypted key-pass.
debiman wrote:
debiman wrote: what seems difficult to hack for humans, is easy for machines.
i don't know why this is so difficult to understand?
base64 encoding looks tricky to human eyes, but is a simple standard mechanism available on all computers. a good (*) password cracking program should take these into account.
the fashionable "leet" = "1337" replacements are an even more blatant example.
beside plain dictionary words, the above website does not take any of this into account.
fwiw, i'm not using dictionary words anymore. I use only random passwords, as long as possible (40 characters - but not all login services allow such length).
My password manager is secured with 2-factor authentication.
The password part is a gibberish word that is pronounceable enough to remember it, plus some extra chars.
(*) i'm playing devil's advocate here

You are very confused and very wrong if using a 40-character word. In 2019, at today's date, any full ASCII word with just a length >= 8 characters is unbreakable unless there are several supercomputers working in that brute force attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. But if you don't understand that, go to any mathematician and ask them about the minimum unbreakable length of characters for today's CPUs.
You don't need a 40 chars word, it's enough with one between 8 or 10 characters. You aren't very good at mathematics, are you?
- sunrat
Re: base64 for an easy & strong encrypted key-pass.
I'll play devil's advocate's sidekick. You don't really need an unbreakable password to hide your pr0n collection.
Re: base64 for an easy & strong encrypted key-pass.
bester69 wrote: You are very confused and very wrong if using a 40-character word. In 2019, at today's date, any full ASCII word with just a length >= 8 characters is unbreakable unless there are several supercomputers working in that brute force attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. But if you don't understand that, go to any mathematician and ask them about the minimum unbreakable length of characters for today's CPUs.
You don't need a 40 chars word, it's enough with one between 8 or 10 characters. You aren't very good at mathematics, are you?

i don't know where you are getting these alternative facts from (please do share some links) but i think it's plain to understand that a longer password is harder to crack, duh.
also i don't use "words", but completely randomised passwords, which i do not remember in my head. maybe you need to re-read my last post.
also last time i looked it was still 2018. maybe in besterland the clocks are running faster?