Just shoot me... Base64 as encryption


33 Replies - 7554 Views - Last Post: 04 November 2017 - 08:28 AM

#16 NeoTifa

Posted 02 November 2017 - 10:13 AM

You gotta salt AND pepper them now, right?

#17 jon.kiparsky

Posted 02 November 2017 - 10:20 AM

I like to add a little cumin - gives it that little something extra, you know?

#18 NeoTifa

Posted 02 November 2017 - 10:34 AM

Lol I wasn't being a smart ass, I am actually pretty sure I saw pepper as an upcoming encryption method, which is like double salting but with 2 different salts.

#19 Radius Nightly

Posted 02 November 2017 - 01:35 PM

Skydiver, on 02 November 2017 - 05:29 PM, said:

MD5 is actually a one way hash. You can't retrieve the password back out of MD5. MD5 is now considered cryptographically broken in the sense that somebody can induce a collision by producing data that will match the hash of your data.

I don't understand that MD5 is a one-way hash, as you said. It's not anything like CRC to be one-way only. You're probably thinking about the MD5 hash of a file, and not of some text.

With this, you can encrypt text into MD5.
http://md5encryption.com/

With this, you can decrypt MD5 back into text.
http://md5decryption.com/

Anyway, the point was to use the right tool and to complicate things.

This post has been edited by Radius Nightly: 02 November 2017 - 01:38 PM


#20 jon.kiparsky

Posted 02 November 2017 - 01:43 PM

Radius Nightly, on 02 November 2017 - 03:35 PM, said:

I don't understand that MD5 is a one-way hash, as you said. It's not anything like CRC to be one-way only. You're probably thinking about the MD5 hash of a file, and not of some text.


So... hashing.
Hashing is a process that maps arbitrary-sized data into fixed-size elements in a hash space. It is therefore not an invertible function.
Your site looks like it's done a semi-clever trick of matching hashes to the values that produced those hashes, allowing you to pull out, for a given hash, maybe some of the things that hash to that value. It's not "decrypting", though, since hashing isn't encryption.

#21 Radius Nightly

Posted 02 November 2017 - 01:50 PM

I gave you an example link, try it.
Be real, you can encrypt text, or let's say a string, into MD5 ( http://md5encryption.com/ ) and you can decrypt it back ( http://md5decryption.com/ ). Probably not the best way today, but back then it was the newest solution.
A file hash works in the way you described. Edit: Checksum?

This post has been edited by Radius Nightly: 02 November 2017 - 01:53 PM


#22 jon.kiparsky

Posted 02 November 2017 - 02:00 PM

I don't think you're quite following. An encryption is a bijective function mapping clear data to encrypted data. "Bijective" means that each input maps onto exactly one output and each output is mapped from exactly one input. That is, for any output there is exactly one input that could have produced it. This means that decryption is possible. Hash functions like MD5 are surjective but not injective, meaning that multiple inputs can map to the same output. This means there is no way to "decrypt".
Now, if the actual domain of the function is a very restricted subset of the nominal domain, then it's likely that you could find a real-world one-to-one mapping. This is what your "md5 decrypt" site is likely doing. Given that the set of English sentences of length L is a vanishing subset of the set of possible strings of length L, this works. But it's not encryption, and if you're working in tech you probably want to do a bit of reading up on this before you cause trouble for yourself or others.

#23 Skydiver

Posted 02 November 2017 - 02:01 PM

That site cheats. It's a learning rainbow table. :) I put in a completely random set of phrases from 3 different languages. This was about 64 characters long (or effectively 512 bits). The site spit back out a 128 bit MD5 hash. Putting that 16 byte hash back in returned the original 64 character phrase. The phrase I used does not compress down to 16 bytes even using the most efficient Huffman encoding or LZ compression. So information theory tells us we need all the information to be somehow encoded to transport information. That therefore means that the site cheated and stored both the hash as well as the original phrase into a database for lookup later. It didn't actually read the 128 bits to bring back the 512 bits. It used the 128 bits as a key into a database that holds the original phrase.

#24 ArtificialSoldier

Posted 02 November 2017 - 04:18 PM

Quote

Be real, you can encrypt text, or let's say a string, into MD5

No you can't. MD5 is not encryption, it is hashing. Have you noticed that an MD5 hash is always 128 bits, or 32 hex characters, regardless of what text you hashed? That means that if you hash the string "a", you're going to get back 32 hex characters. If you also hash the entire text of Tolstoy's 1,225 pages of War And Peace, you will also get back a hash of 32 hex characters.

If you think this is really encryption, then answer this: how is it possible to store all of the data that makes up the text of War And Peace in only 128 bits? Wouldn't that be a level of compression that has never been possible?

If you still think this is encryption, then how about if you copy and paste the text of War And Peace 10 times, and hash that? You'll still get 128 bits. How do you think it is possible to store the data contained in over 12,000 pages of text in only 128 bits?

The answer is that it is not possible, because MD5 is a hashing function, not an encryption function. MD5 can map any set of the infinite possible data sets into only 128 bits. That means there are a lot (an infinite number, actually) of different sets of data which will all map to the exact same 128 bits, so therefore there is no way to determine which of those data sets was used as the input for those 128 bits, and therefore decryption is not possible.

Do some research about MD5. It was first released in 1992. Only one year later they were already finding a way to produce limited collisions, where you can find 2 different things which produce the same MD5 hash. Collisions make the algorithm useless for security. In 1996 another collision method was created, and that was enough to convince security professionals to avoid using MD5 for anything related to security. That was in 1996, that's 21 years ago. MD5 has not been suitable for security for 21 years. In 2004 an attack was found for the full MD5 function, rendering it completely useless for security. That attack ran in 1 hour on an IBM cluster. In 2013 another attack was discovered which runs in less than 1 second on a regular computer. That means it takes less than 1 second to find a string which results in a given MD5 hash. This is why MD5 has not been used for security purposes by people who know what they're doing for 21 years.

So, that "MD5 decryption" site you're linking to could be using that 1 second attack. Or, more likely, the people who run the MD5 encrypt and MD5 decrypt websites are the same person running the two sites on the same server with the same database. Every time you "encrypt" something, it adds your text and the hash to the database, and when you go to the decryption site to look it up, it just looks up the hash in the same database and spits back the text you entered. It's just a database lookup. It's not decryption.

#25 jon.kiparsky

Posted 02 November 2017 - 06:12 PM

The brilliant thing is, they're using you to improve their rainbow tables

#26 CTphpnwb

Posted 02 November 2017 - 09:44 PM

Skydiver, on 02 November 2017 - 04:01 PM, said:

That site cheats. It's a learning rainbow table. :)

To demonstrate the point, I input:
Md5 Hash:
b5ec4551d45a345adb010f8c41cd0314

Result:
Sorry, this MD5 hash wasn't found in our database

I had used this to get the hash:
    echo md5("[email protected]!");



#27 Radius Nightly

Posted 02 November 2017 - 10:37 PM

I checked it, you are right, it's not possible for MD5. It's good to know that the site cheats. Confusing, maybe it was something else, not MD5, but I don't remember well because it was a long time ago, around 15 years or so, but I'm pretty sure I saw "MD5" somewhere around passwords in their code. I was trying to break it (couldn't change mail because the previous one was down, another company bought them and deleted all mails, so to find/reset my password became impossible, but it was saved as remember me), successfully, but I don't remember too much.

Didn't need any encryption in the code, was learning all about that before (and yeah, I did MD5 research), but this site made me confused with my old memory. In case I would need it, what's the best option ATM?

This post has been edited by Radius Nightly: 02 November 2017 - 10:38 PM


#28 snoopy11

Posted 02 November 2017 - 10:47 PM

Possibly AES,

https://en.wikipedia...yption_Standard

definitely not a Caesar Cipher... ;)

#29 Skydiver

Posted 03 November 2017 - 09:02 AM

Maybe I should have suggested that they only store the MD5 hash of the password. They can use that website if they (or somebody else) ever need to retrieve the original password. :)

#30 jon.kiparsky

Posted 03 November 2017 - 09:11 AM

Radius Nightly, on 03 November 2017 - 12:37 AM, said:

I checked it, you are right, it's not possible for MD5. It's good to know that the site cheats. Confusing, maybe it was something else, not MD5, but I don't remember well because it was a long time ago, around 15 years or so, but I'm pretty sure I saw "MD5" somewhere around passwords in their code. I was trying to break it (couldn't change mail because the previous one was down, another company bought them and deleted all mails, so to find/reset my password became impossible, but it was saved as remember me), successfully, but I don't remember too much.


Typically, a site will not store a password, but instead will store a salted hash of that password. This is because the site doesn't need to know your password, it just needs to know that YOU know your password. If you enter a value that hashes to the same value that your password hashes to, it's safe to assume that you know the password. (see "secure hashes, difficulty of finding collisions in")
The advantage of this system is precisely that the owner of the site CAN'T decrypt your password - they don't want that information.
(of course, if someone gets your password database, they can use tricks like those discussed above to extract weak passwords, so use strong passwords. useful search terms: "Rainbow tables", "correct horse battery staple")

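Added example, not code from any poster in this thread: a Python sketch of two points made above, the shared hash-to-text database that Skydiver and ArtificialSoldier describe behind the "MD5 decrypt" site, and the salted-hash password check jon.kiparsky describes. The `LookupSite` class, the sample phrases, and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations are assumptions of this example; the thread names no specific password-hashing function.

```python
import hashlib
import hmac
import os

# Constructed sample phrases (assumptions for this example, not from the thread).
SEED_PHRASES = ["password", "letmein", "correct horse battery staple"]
ITERATIONS = 200_000  # PBKDF2 work factor, an assumed value for the example


def md5_hex(data: bytes) -> str:
    """MD5 digest as hex: always 32 hex characters (128 bits), whatever the input size."""
    return hashlib.md5(data).hexdigest()


class LookupSite:
    """Hypothetical model of the 'encrypt'/'decrypt' pair: one shared hash -> text table."""

    def __init__(self, seed_phrases):
        self.table = {md5_hex(p.encode()): p for p in seed_phrases}

    def encrypt(self, text: str) -> str:
        digest = md5_hex(text.encode())
        self.table[digest] = text  # every submission grows the table
        return digest

    def decrypt(self, digest: str):
        # No inversion happens here: None means "not found in our database".
        return self.table.get(digest)


def store_password(password: str):
    """Return (salt, key) for storage; the password itself is never kept."""
    salt = os.urandom(16)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(attempt: str, salt: bytes, key: bytes) -> bool:
    """Re-derive from the attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    site = LookupSite(SEED_PHRASES)
    print(len(md5_hex(b"a")), len(md5_hex(b"x" * 1_000_000)))
    print(site.decrypt(md5_hex(b"letmein")), site.decrypt(md5_hex(b"never submitted")))
    salt, key = store_password("letmein")
    print(verify_password("letmein", salt, key), verify_password("letmein1", salt, key))
```

Because each stored record has its own random salt, two users with the same password get different stored values, so a single precomputed hash-to-text table does not cover them.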