Sunday, February 23, 2020
Iterations and Extra Salt - Multi One Password
First of all, hashed passwords generated with the default random settings of the "Multi One Password" tool can't be cracked without their corresponding settings, neither in 2020 nor in the next zillion years!
That said, suppose hackers happen to have access to both the users' hashed passwords (which is very unlikely, because legit websites will probably re-hash the already pre-hashed passwords with bcrypt or another hash function) and their corresponding settings (which is very unlikely as well, because the settings are in the possession of their users only). Even then, the hashed passwords will still be extremely difficult to impossible to crack because of the "Iterations" and "Extra Salt" parameters!
"Iterations" is basically the number of times that the computer is required to call the SHA512 hash function! The higher the iteration value, the more computational power and time are required for the hashed passwords to be generated or cracked!
By default, the "Multi One Password" tool uses 15000 to 16000 iterations to generate the "Default_Extra_Salt", which is a SHA512 hashed string based on "User_Unique_Password + Random Code (Salt)"!
SHA512 hashed strings are 128-character strings that contain only the 16 hex symbols! There are 16^128 SHA512 hashed strings in total!
16^128 ≈ 1.340781e+154, which written out is:
13407810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
So, hackers are basically forced to iterate 15000 to 16000 times for each guess in order to crack the hashed passwords; otherwise, they will be forced to iterate 16^128 times for each guess, which makes the cracking of the hashed passwords really impossible!
So, why not use 16^128 instead of 15000 to 16000 iterations? Because 16^128 would take your computer an eternity to generate the hashed passwords! On the other hand, 15000 to 16000 iterations take average computers 1 second to generate the hashed passwords!
Now, what is the "Extra Salt" parameter for?
Well, there will come a time, maybe in the next Big Bang, in which 16^128 iterations will not be enough!
"Extra Salts" are SHA512 hashed strings based on "Default_Extra_Salt + The Extra Salt Index Number"!
By default, the "Multi One Password" tool uses 0 "Extra Salts"!
For 1 "Extra salt", hackers will be forced to iterate 2 x (16^128) times for each guess!
For 2 "Extra salt", hackers will be forced to iterate 3 x (16^128) times for each guess!
For 3 "Extra salt", hackers will be forced to iterate 4 x (16^128) times for each guess!
and so on ...!
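The "Iterations" and "Extra Salt" derivations described above, as an added Python example (not the tool's own code) that also times the derivation and shows the standard library's PBKDF2-HMAC-SHA512 with the same iteration count for comparison. Assumptions: each iteration re-hashes the previous hex digest, extra salt indexes start at 1 and are appended as decimal text, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

def sha512_hex(text):
    """Return the 128-character hex SHA512 digest of a string."""
    return hashlib.sha512(text.encode("utf-8")).hexdigest()

def default_extra_salt(password, random_code, iterations):
    """SHA512 of password + random code, re-hashed for `iterations` calls in total.
    Assumption: every round hashes the previous round's hex digest."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest = sha512_hex(password + random_code)
    for _ in range(iterations - 1):
        digest = sha512_hex(digest)
    return digest

def extra_salts(base, count):
    """SHA512(Default_Extra_Salt + index) for index 1..count (numbering assumed)."""
    return [sha512_hex(base + str(index)) for index in range(1, count + 1)]

def matches(candidate, random_code, iterations, expected):
    """Re-derive from a candidate password and compare in constant time."""
    derived = default_extra_salt(candidate, random_code, iterations)
    return hmac.compare_digest(derived, expected)

def pbkdf2_sha512_hex(password, random_code, iterations):
    """Standardized iterated construction (PBKDF2-HMAC-SHA512), for comparison."""
    raw = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                              random_code.encode("utf-8"), iterations)
    return raw.hex()

if __name__ == "__main__":
    password = "constructed-sample-password"   # constructed sample input
    random_code = secrets.token_hex(16)        # random salt, as the page describes
    iterations = 15000 + secrets.randbelow(1001)  # 15000 to 16000, the page's default range
    start = time.perf_counter()
    base = default_extra_salt(password, random_code, iterations)
    elapsed = time.perf_counter() - start
    print(f"{iterations} SHA512 calls took {elapsed:.3f} s on this machine")
    print("Default_Extra_Salt:", base)
    print("Extra salts:", extra_salts(base, 2))
    print("Correct password matches:", matches(password, random_code, iterations, base))
    print("PBKDF2-HMAC-SHA512:", pbkdf2_sha512_hex(password, random_code, iterations))
```

The printed timing is the cost of one derivation, which is also the cost of checking one candidate password when the salt and iteration count are known.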
Bcrypt (vs) Multi One Password! (Click Here)
CrackQ "Hundreds of Billions of Guesses per Second" is not a threat at all for "Multi One Password" tool! (Click here!)