Messing around in python3 and i am wondering how safe/ how long would this take to hack/crack?
code Here
output when password is "admin" and hash amount is 100 Paste bin
Asked
Active
Viewed 212 times
-3
-
I'm not sure this is answerable – schroeder Jan 28 '16 at 20:25
-
@schroeder how come? – user3788435 Jan 28 '16 at 20:26
-
There are a ton of factors to consider. Too many to account for. – schroeder Jan 28 '16 at 20:30
-
Go read [How to securely hash passwords?](https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords). It explains everything you need to know. – Neil Smithline Jan 28 '16 at 21:37
-
Are you aware that you code just spits out a bunch of NULL bytes? Congratulations, your password hashes are unbreakable! ... but also unusable. – Zv_oDD Jan 29 '16 at 04:13
1 Answers
0
I don't see any useful question here. This is just code which is not used anywhere. It is asking a theoretical question how long it would take to hack such a thing, without given any kind of context how and where this would be used.
In reality it is not that important how long it takes to crack some new algorithm, since there are enough algorithms out there which are known to be good. So why invent a new one? And even if the algorithms itself is to hard to hack the attacker can often use other ways to reach the goal, i.e. use a badly implemented password recovery, SQL injection, Cross Site Scripting etc.
Thus don't focus on reinventing something which has already solutions, but focus on the overall security of your (unknown) system you are trying to protect. For instance if the attacker is able to add its own fake implementation of the hashlib library at the beginning of your python include path then the attacker can control the full output of your super secure algorithm and thus can crack every passwords easily.
Steffen Ullrich
- 184,332
- 29
- 363
- 424
-
i am not trying to re-invent the already invented. i am just being curious while i am learning/exploring python. The aim of the program is a simple login system my teacher asked me to make [Code Here](http://pastebin.com/QHUqBfZK) – user3788435 Jan 28 '16 at 20:42
-
@user3788435: hashes like SHA-2 are optimized for speed - which is exactly not what you want if somebody got access to your database of hashed passwords. There are specific algorithms for passwords which try to slow down brute force attacks and you better use these. – Steffen Ullrich Jan 28 '16 at 20:46
-
-
1@user3788435: see https://en.wikipedia.org/wiki/Cryptographic_hash_function#Password_verification – Steffen Ullrich Jan 28 '16 at 20:59