Back Online

[{V][M}Some_Mate]

Well, I didn't think it would store them as plain text, but I would also say a hash can be reversed, we have seen it done in UT after all but thanks

[Nova]

That isn't even necessary for UT, spoofing a GUID is sufficient. But yea, if you wanna be safe with your password, have one 15+ characters long with letters, numbers and symbols.

[{V][M}Rawboneuk]

620 days old

[Beamer]

Hashes can't be reversed. At the moment it's only possible to spoof MD5 hashes, doesn't mean they can retrieve the password, it's possible because there are collisions in the md5 hashing, so different sorts of inputs can in a MD5 hashing result to a same hash, usually, crackers try to get the same hash with adding large blocks of extra junk code. There's no reversing used in that process.

[{V][M}Some_Mate]

Quote:

Originally Posted by Beamer

Hashes can't be reversed.

That's a bold statement! Cain and able?

[Beamer]

It's part of the technique, hashing is just like a compression format. You have the lossless compression, like FLAC (audio), zip or rar which can be fully reversed to it's original state, and then you have the lossy compression, like MP3 and hashing and both can't be reversed.

[{V][M}RBlood]

As beamer says it's impossible to reverse a hash to a very specific password, as there are multiple passwords which produce the same hash. Infact, if the password is allowed to be any length, then there is an infinite number of passwords which can produce the same hash.

In practice, I don't think it's generally computationally feasible to find all the possible passwords even of upto say 30 characters (which ensures your possible password set is finite) since you would have to perform the one-way hash function for EVERY possible password upto 30 characters, which is a lot of hashing! But you could just do this for a set of common passwords, and then when you have a hash just look this up in your generated table and see if it's there - if it is, then there's a good chance that password will work, though it's possible the real password is actually a different value. This attack won't work if the user has chosen an intelligent password, though...

Of course, as you say, cryptographic techniques have often been found to have security issues in them so there's reason to be suspicious since someone might come along some day and find a method of getting a reverse set of possible passwords quite quickly, however, the fact remains that it's completely impossible for a hash to be reversed to a single password with absolute certainty.

[{V][M}Some_Mate]

Bit of an attempted spam attack today from 3 ips, I was home and noticed a lot of guests, I have banned the IP's from the forum, then the command line of the server and reset the "Most users ever online was" bit at the bottom of the forum as it was wrong.

[{V][M}Kammeh!]

Everyone's hatin us, man!