
Sunday, February 23, 2020

Iterations and Extra Salt - Multi One Password


First of all, hashed passwords generated with the default random settings of the "Multi One Password" tool can't be cracked without their corresponding settings, neither in 2020 nor in the next zillion years!

That said, suppose hackers happen to have access to the users' hashed passwords (which is very unlikely, because legit websites will probably re-hash the already pre-hashed passwords with bcrypt or another hash function) and to their corresponding settings (which is very unlikely as well, because the settings are in the possession of their users only): the hashed passwords will still be extremely difficult to impossible to crack because of the "Iterations" and "Extra Salt" parameters!

"Iterations" is basically the number of times that the computer is required to call the SHA512 hash function! The higher the iteration value, the more computational power and time are required for the hashed passwords to be generated\cracked!

The "Multi One Password" tool uses by default 15000 to 16000 iterations to generate the "Default_Extra_Salt", which is a SHA512 hashed string based on "User_Unique_Password + Random Code (Salt)"!

SHA512 hashed strings are 128-character strings that contain only the 16 hex symbols! There are in total 16^128 SHA512 hashed strings!

16^128 = 1.340781e+154 = below

13407810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

So, hackers are basically forced to iterate 15000 to 16000 times for each guess in order to crack the hashed passwords; otherwise, they will be forced to iterate 16^128 times for each guess, which makes the cracking of the hashed passwords really impossible!

So, why not use 16^128 instead of 15000 to 16000 iterations? Because 16^128 would take your computer an eternity to generate the hashed passwords! On the other hand, 15000 to 16000 iterations take average computers 1 second to generate the hashed passwords!

Now, what is the "Extra Salt" parameter for?

Well, there will come a time, maybe in the next Big Bang, in which 16^128 iterations will not be enough!

"Extra Salts" are SHA512 hashed strings based on "Default_Extra_Salt + The Extra Salt Index Number"!

"Multi One Password" tool uses by default 0 "Extra salt"!

For 1 "Extra salt", hackers will be forced to iterate 2 x (16^128) times for each guess!
For 2 "Extra salt", hackers will be forced to iterate 3 x (16^128) times for each guess!
For 3 "Extra salt", hackers will be forced to iterate 4 x (16^128) times for each guess!
and so on ...!
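
The construction described in this post, written out as an added example (this is not the tool's own code). The chaining of hex strings, the extra-salt indexes starting at 1, the reuse of the iteration count for every extra salt, and all function names and sample values are assumptions; PBKDF2-HMAC-SHA512 from the standard library is shown next to it for comparison.

```python
import hashlib
import hmac

def stretch(data: bytes, iterations: int) -> str:
    """Chain SHA-512 `iterations` times; return the last digest as 128 hex chars."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    for _ in range(iterations):
        # Assumption: each round hashes the previous round's hex string.
        data = hashlib.sha512(data).hexdigest().encode("ascii")
    return data.decode("ascii")

def default_extra_salt(password: str, random_code: str, iterations: int) -> str:
    # Post: SHA512 string based on "User_Unique_Password + Random Code (Salt)".
    return stretch((password + random_code).encode("utf-8"), iterations)

def extra_salts(default_salt: str, count: int, iterations: int) -> list:
    # Post: SHA512 strings based on "Default_Extra_Salt + The Extra Salt Index Number".
    # Assumption: indexes start at 1 and every extra salt gets the same stretching.
    return [stretch((default_salt + str(i)).encode("ascii"), iterations)
            for i in range(1, count + 1)]

def sha512_calls(iterations: int, extra_salt_count: int) -> int:
    # SHA-512 invocations made by one default_extra_salt() + extra_salts() evaluation.
    return iterations * (1 + extra_salt_count)

def pbkdf2_sha512(password: str, random_code: str, iterations: int) -> str:
    # Standardized iterated construction (PBKDF2-HMAC-SHA512), for comparison.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               random_code.encode("utf-8"), iterations).hex()

def matches(candidate: str, random_code: str, iterations: int, stored: str) -> bool:
    # Constant-time comparison of a recomputed value against the stored one.
    return hmac.compare_digest(default_extra_salt(candidate, random_code, iterations), stored)

if __name__ == "__main__":
    code = "Constructed-Random-Code-0123456789"  # constructed sample salt
    base = default_extra_salt("correct horse", code, 15000)
    print(base)
    print(extra_salts(base, 2, 15000))
    print(sha512_calls(15000, 2), "SHA-512 calls for this evaluation")
    print(pbkdf2_sha512("correct horse", code, 15000))
```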






Friday, February 21, 2020

Bcrypt (vs) Multi One Password

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlqk8YzfC2_A8OxmYQ-P3csqxHNTrB3kStw6GFJrhWMc6PRiRPghd1-c-NtDuA6jEq6sJ_f8LQR5cuhASwbku4cfeh3HlIxwQRNe1Q35cRALQP2p27c6y_dMxwSacMosac5MITFzsr_70/s1600/Terahash+-+448+x+GeForce+RTX+2080+GPUs+%2528Alphanumeric%2529.jpg

Terahash's $1.4 Million configuration of 448 x GeForce RTX 2080 GPUs takes (1 Week + 5 Days = 1.714 Weeks) to crack length 10 SHA512 alphanumeric hashed passwords!

"Multi One Password" uses by default 15000 to 16000 iterations, so it takes 1.714 x 15000 = 25710 weeks = 493 years (with Salt)!

"Multi One Password" 1.714 x 75000 iterations = 128550 weeks = 2465 years = 2.465 millennia (with Salt)

Without salt, it takes an eternity!

Note that the "Multi One Password" default 15000 to 16000 iteration values are very secure, but if you want it to be equivalent to or even more secure than "bcrypt $2*$, Blowfish (Unix)", use 75000 or higher iteration values!




Thursday, January 30, 2020

Windows Must Hash Users Passwords More Securely!

Microsoft needs to step up its game when it comes to hashing users' passwords more securely!

First,
Windows must provide an "iteration" option!
(Users will choose the computational power and time required for their passwords to be hashed!)

Second,
Windows must provide a list of "Random Codes" at login, so users can use strategies like the one shown in the image below:


Note that each installed Windows must provide a unique list with at least, let's say, 20k lines of random codes!



Wednesday, December 18, 2019

VirusTotal - Report False Positives Contacts!

At this point, it's safe to say that VirusTotal is not reliable and not recommended anymore!

All VirusTotal does is misinform people with the plague of False Positive detections from all the antivirus engines aggregated on its website!

SentinelOne, Trapmine, CrowdStrike, Rising, McAfee-GW-Edition, BitDefender are the worst!

For example, SentinelOne even requires people to be its customers in order to be able to report False Positive detections! (Wow, that's Extortion!)

As an alternative, "Microsoft: Submit a file for malware analysis" is recommended!

After a file is submitted, the "Final Determination" is marked as "Pending"! After the file has been analyzed by Microsoft technicians, the "Final Determination" is marked as "Malware" or "Not Malware"!

Example here: Multi One Password (v1.4) - Microsoft "Final Determination"!

As you can see, there is no misinformation here at all!

VirusTotal should (or must) follow the same procedure as Microsoft!

ENGINE
Contact
360
Acronis
AegisLab
Agnitum
Ahnlab
Alibaba
Alyac (Estsoft)
Antivir
Antiy
Avast
AVG
Babable
Baidu
BitDefender
Bkav
ByteHero
ClamAV
CleanMX
CMC
Comodo
CRDF
CrowdStrike
Cybereason
Cylance
CyRadar
Cyren
DNS8
DrWeb
eGambit (Tehtris)
Emsisoft
Endgame
ESET
F-Prot
F-Secure
FireEye
Forcepoint (websense)
Fortinet
GData
Hacksoft
Hauri
Ikarus
Invincea
Jiangmin
K7
Kaspersky
Kingsoft (Cheetah)
MAX (SaintSecurity)
MaxSecure
McAfee
McAfee-GW
Microsoft
Microworld
NANO
Norman
nProtect (Inca)
Palo Alto
Panda
Rising
Qihoo-360
QuickHeal
SecureAge Apex
Sentinel One
Sophos
Symantec
Tencent
TheHacker

Trapmine

TrendMicro
Webroot
Trustwave
VBA32
VirusDie
Yandex
Zillya
Zoner

Thursday, December 5, 2019

CrackQ "Hundreds of Billions of Guesses per Second" is not a threat at all for "Multi One Password" manager!

CrackQ: "We're talking hundreds of billions of guesses per second in many cases."

Compared to "Multi One Password" hashed "Final Passwords", that is really nothing!


For each password, "Multi One Password" manager uses by default a random 248-character salt that contains (uppercase\lowercase\digit) characters only and a random 128-character salt that contains hex symbols only!

So, here is a quick demonstration of how "hundreds of billions of guesses per second" is really nothing:

999 000 000 000 guesses in 1 second! (999 Billion!)

100000000 seconds = 3.1709791984 years

16^128 (all possible 128-symbol combinations of the 16 hex symbols!)
62^248 (all possible 248-character combinations of the (Uppercase\Lowercase\Digit) characters!)
_____________________________________________________________________________________

999 000 000 000 x 100000000 = below

99 900 000 000 000 000 000 guesses in 3 years!

16^128 = 1.340781e+154 = below

13407810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Even in 3 years, CrackQ is still far, far away from guessing all the (16^128) possibilities alone!

Well, for (62^248), which is "Infinity" or "Error" in some calculators, hackers really can't do anything with CrackQ!

_____________________________________________________________________________________

RTX 2080 Ti GPU (Year 2018, $999 US Dollars)

10 x RTX 2080 Ti GPUs ($9 990 US Dollars) can guess 25054.2 MH/s SHA2-512 ~= 25 Billion per second!

It means that 100 x RTX 2080 Ti GPUs ($99 900 US Dollars) can guess 250 Billion! (Still less than 999 Billion!)
_____________________________________________________________________________________

Since 2019, the below hashed string generated in "Multi One Password" manager has been with the CrackQ team to crack, but no response has been received from them yet:

58530dfe0bc9c45fc074f56bb05a4d991cc9aa38144774b3014277ae353d7fa0a18aa6b6a33bf7b76ca313c3aa3f8d0e9913e7fcefab3dd3f0461a68a40bb587

The password is 10 characters long and contains only lowercase characters!

(Note) From the demonstration above, it would take CrackQ far, far more than 3 years to find the original password!

for aaaaaaaaaa + (16^128 + 62^248) = An Eternity
+
for aaaaaaaaab + (16^128 + 62^248) = An Eternity
+
for aaaaaaaaac + (16^128 + 62^248) = An Eternity
+...
for zzzzzzzzzz + (16^128 + 62^248) = An Eternity

Even if the "Random Code (Salt)" were made available to the CrackQ team, it would still be almost impossible for them to crack the above SHA512 hashed string, because "Multi One Password" manager uses 15000 to 16000 iterations by default!

15000 iterations require at least 1 second for the "Final Password" to be generated! (For average computers!)

26^10 (all possible 10-character combinations of the 26 lowercase characters!)

26^10 = 1.411671e+14 = 141167100000000 total guesses

141167100000000 x 1 second = 141167100000000 seconds = 4476379 years

So, it would take them 4476379 years to crack the SHA512 hashed string above even if the "Random Code (Salt)" were made available to them! (Well, for 25000 or higher iterations, even an eternity wouldn't be enough!)

[Note]:

For 15000 iterations, a super server can generate "Final Passwords" in 1 millisecond = 0.001 seconds:
141167100000000 x 0.001 second = 141167100000 seconds = 4476 years

For 15000 iterations, a super server can generate "Final Passwords" in 0.1 milliseconds = 0.0001 seconds:
141167100000000 x 0.0001 second = 14116710000 seconds = 447 years

and so on ...!
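
The search-time arithmetic above as an added example (not code from the tool or from the original post): it recomputes the post's figures with the same 365-day year, converts a raw hash rate into a cost per guess, and times chained SHA-512 on the local machine so the assumed per-guess cost can be replaced with a measured one. Function names and the timing input are assumptions.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, as used in the post's conversions

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def search_years(candidates: int, seconds_per_guess: float) -> float:
    """Worst-case years to try every candidate one after another."""
    return candidates * seconds_per_guess / SECONDS_PER_YEAR

def seconds_per_guess_from_rate(iterations: int, hashes_per_second: float) -> float:
    """Cost of one guess when it needs `iterations` chained hashes at a given hash rate."""
    return iterations / hashes_per_second

def measure_seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Time `iterations` chained SHA-512 calls on this machine (best of `trials`)."""
    best = float("inf")
    for _ in range(trials):
        data = b"constructed-timing-input"  # constructed sample value
        start = time.perf_counter()
        for _ in range(iterations):
            data = hashlib.sha512(data).digest()
        best = min(best, time.perf_counter() - start)
    return best

def estimate_table(alphabet_size: int, length: int, iterations: int) -> dict:
    """Worst-case years for the post's three per-guess costs and a local measurement."""
    n = keyspace(alphabet_size, length)
    costs = {
        "1 s per guess (post)": 1.0,
        "1 ms per guess (post)": 0.001,
        "0.1 ms per guess (post)": 0.0001,
        "measured on this machine": measure_seconds_per_guess(iterations),
    }
    return {label: search_years(n, cost) for label, cost in costs.items()}

if __name__ == "__main__":
    for label, years in estimate_table(26, 10, 15000).items():
        print(f"{label:26s} {years:,.1f} years")
    # Per-guess cost at the 25054.2 MH/s SHA2-512 rate quoted in the post.
    print(seconds_per_guess_from_rate(15000, 25054.2e6), "seconds per guess")
```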
 _____________________________________________________________________________________ 

Since 18 Feb 2020, TeraHash still hasn't cracked the below 1-character-long SHA512 hashed password (which is a lowercase letter) with its $1.4 Million configuration of 448 x GeForce RTX 2080 GPUs:

6d78101f3965681a61ab72365de3f9052d6da65f5a42ea6d4a6e68f02b81d32825388837ee9d61e5314cfca90d5638316c1465634fcad42c8cf1a744cc924947

That's really embarrassing!

In 2020, the founder of the almost defunct @TerahashCorp, @jmgosney, claimed he would crack the 10-character-long hashed password in under 3 minutes, so we decided to give him the 1-character-long hashed password in order to allow him to crack it in under 1 minute! (1 year has passed and he still hasn't cracked any of them! This is FANTASTIC and AWESOME!!!)


Sunday, November 3, 2019

Unicode - 5 Hex symbols Combination


Unicode characters represented by a combination of 5 Hex symbols instead of 4! (Surrogate characters to represent characters from 65536 and above would not be necessary at all!)

Download the ".txt" file from video here:
http://www.mediafire.com/file/tu0k1ujmwlx075l/Unicode_-_5_Hex_symbols_Comb.rar/file





Friday, August 16, 2019

ADS - Multi Share Calculator

https://windowsportableapps.blogspot.com/2019/03/multi-share-calculator.html