@Captain Nemo, ya you are right, as long as it satisfies our guilt of copy infringement
@Captain Nemo, ya you are right, as long as it satisfies our guilt of copy infringement
<span style='color:black'> I am a part of all that I have met - Lord Tennyson</span>
<span style='color:blue'>Try not to let your mind wander...it is too small and fragile to be out by itself</span>
I'll be uploading a page soon with some really strong JavaScript password protection and see if anyone here can crack it. I have right now on me JS implementation of Blowish-358 and MD5.
And my God, who killed the layout?
Poster
The password is klite. Isn't it ?
You used the same protections as on try2hack.nl's level 3 (i think), so it wasn't really difficult to hack. But of course, i could've just disable JS and been done with it
Poster
Heh, that no longer works...
Why did you have to make that prompt appear forever ? I had to reconnect and restart my browser because of that
Originally posted by haxor41789@22 January 2004 - 22:16
Break me
<span style='color:black'> I am a part of all that I have met - Lord Tennyson</span>
<span style='color:blue'>Try not to let your mind wander...it is too small and fragile to be out by itself</span>
Poster
Originally posted by I.am+23 January 2004 - 21:26--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (I.am @ 23 January 2004 - 21:26)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-haxor41789@22 January 2004 - 22:16
Break me
good protection, at first glance
Sorry... it's been removed.
This really isn't implemented as a source protection scheme, but you probably can see how it could be.
I doubt if it is really strong. That javscript was in an infinite loop if it is wrong password. A bot can be put to work to use all the passwords from a list until its found if its a dumb password. Otherwise, you can download the website via winhttrack and see the javascript file, unencrypt it find the password and use it. You already might be knowing this too.
Althought unencryption might take a little long but will work eventually. Plus javascript is too slow for MD5 encryption, you might be knowing it.
If you see here,
Javascript MD5
one can easily modify to decrypt it.
<span style='color:black'> I am a part of all that I have met - Lord Tennyson</span>
<span style='color:blue'>Try not to let your mind wander...it is too small and fragile to be out by itself</span>
Ah, but it is not just MD5. There are two passwords in that very file.
(Highlight rest of line for a hint) You don't even have to bother decrypting the MD5, think about how it processes the next command.
The second algorithm will always decrypt the text no matter what password you put in, but it will return garbage. This will take a bot much longer as it will have to have some way of discerning garbage from the actual page.
HTTrack will not work on my site. Besides, there's no difference in viewing source or mirrorring it.
JavaScript MD5 is not that slow, but the second algorithm is.
(Info from the winners' page regarding algorithm 2)
n = N to the power L where:
n is the number of possible passwords
N is the number of characters that can be used in the password
L is the password length
With a character set of a-z, A-Z, 0-9, ! to ) and 100 extended characters, N is (26 + 26 + 10 + 10 + 100), or 172. For a password length of six characters, n will be 172 to the power 6, or 25,892,303,048,704 possible passwords. Here is table detailing increases in password length with the same charset:
Password length / Possible passwords / 1,000,000 passwords/second / 1 trillion passwords/second
1 / 172 / 0 seconds / 0 seconds
2 / 29584 / 0 seconds / 0 seconds
5 / 150,536,645,632 / 41 minutes / 0 seconds
7 / 40,867,559,636,992 / 1.3 years / 41 seconds
8 / 3.59 x 10 to the power 15 / 114 years / 1 hour
10 / 2.78 x 10 to the power 19 / 883,120 years / 332 days
15 / 1.47 x 10 to the power 29 / 4.66 x 10 to the power 15 years / 4.66 x 10 to the power 9 years
25 / 4.09 x 10 to the power 48 / 1.29 x 10 to the power 35 years / 1.29 x 10 to the power 29 years
48 / 2.16 x 10 to the power 93 / 6.86 x 10 to the power 79 years / 6.86 x 10 to the power 73 years
100 / 3.57 x 10 to the power 223 / 1.13 x 10 to the power 210 years / 1.13 x 10 to the power 204 years
The cracking rate of 1 trillion passwords per second in the last column is definitely science fiction, but it can be accomplished in 10-15 years by using hundreds of supercomputers for distributed password cracking.
Posting Permissions
Reply With Quote
Bookmarks