Uncrackable Encryption
I know, I know, no encryption is uncrackable. But this one is going to be harder than any to crack. I spent several hours thinking of ways to make it harder for us to crack into a website. It would be harder even if we had access to the backups.
The concept is, stack encryption algorithms on top of each other, forming them into one, causing one encryption that will take decades to crack even if it is a 3 letter password. SHA-1 is 160 bit encryption. MD5 is 128 bit encryption.
For now, MD5 is most used, but easiest to crack.
Here's the code for the index.php or html, whichever you prefer:
```markup
<form action="login.php" method="post">
First Name:
<input type="text" name="firstname">
<br>
Password
<input type="password" name="password">
<br>
<input type="submit" value="Submit">
</form>
```
You see, it uses the post method for those looking over your shoulder at your URL.
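Here's the login.php:
```markup
<?php
// Read the submitted credentials (empty string if a field is missing).
$name = $_POST['firstname'] ?? '';
$pass = $_POST['password'] ?? '';
$file = "login.php";

// Hash the username, the password and this script separately with SHA-1.
$hash1 = sha1($name);
$hash2 = sha1($pass);
$hash3 = sha1_file($file);

// Join the three digests with periods, then SHA-1 and MD5 the result.
$encrypt = md5(sha1("$hash1.$hash2.$hash3"));
echo "hash is: $encrypt";
?>
```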
You see it starts by getting the user and pass.
It then uses SHA-1 to hash the user and password separately.
It then creates a hash of the login.php.
After all these hashes have been generated, it then uses them as salts on top of each other to double dutch them into an MD5 hash.
Let's calculate that:
2 beginning sets of SHA-1
That's 360 bits
add the digital checksum of the login.php
540 bits
take that 540 times another 180 bits
97,200 bits times the 128 bit encryption of MD5
12,441,600 bits TOTAL.
That's a lot of bits. Even the NSA wouldn't be able to crack that without a few decades' work. I would have to say it would be illegal in a lot of the world but it will be damn secure ;)
Say someone got your backups. The hash they get is double dutched with MD5 on top, they would have to wait for it to crack- showing an SHA-1 hash. They begin cracking the SHA-1 hash. OH LOOK! 3 more SHA hashes to crack.
As we all know, brute forcing a password over 6 characters is a pain. Try brute forcing that double dutch rendering the MD5 into 40 characters. That in turn is 120 char + a couple of periods. The login.php hash will have a lot of char in it if someone doesn't know which is which. The username can have a lot of char; if the person is smart, the pass will be at least 8 characters.
What do you all think? I might make this into an article too.
And yes, I wrote out the code, I wrote out the algorithm; I thought it up after thinking and decided to share.
Bl4ckC4t
[edit was to fix code tags]
That's not really your own encryption though. You have just done what loads of other people have already done. Made something secure by adding loads and loads of encryptions over the top, you could do;
```markup
$string = sha1(md5(sha1(sha1(sha1(sha1(sha1(md5(md5(sha1($oldstring . $salt1) . $salt2) . $salt3) . $salt4) . $salt5) . $salt6) . $salt7) . $salt8) . $salt9) . $salt10);
```
mozzer wrote: That's not really your own encryption though. You have just done what loads of other people have already done. Made something secure by adding loads and loads of encryptions over the top, you could do;
```markup
$string = sha1(md5(sha1(sha1(sha1(sha1(sha1(md5(md5(sha1($oldstring . $salt1) . $salt2) . $salt3) . $salt4) . $salt5) . $salt6) . $salt7) . $salt8) . $salt9) . $salt10);
```
That would overload your server. I was looking for efficiency as well as security. I tried to make the least amount of SQL space and the most amount of encryption without bogging down the server. Although, you seem to get the idea of what I am saying.
I need to see if I can come up with an algorithm.
-BC
bl4ckc4t wrote: Let's calculate that: 2 beginning sets of SHA-1 That's 360 bits add the digital checksum of the login.php 540 bits
take that 540 times another 180 bits 97,200 bits times the 128 bit encryption of MD5 12,441,600 bits TOTAL.
That's a lot of bits. Even the NSA wouldn't be able to crack that without a few decades' work. I would have to say it would be illegal in a lot of the world but it will be damn secure ;)
Say someone got your backups. The hash they get is double dutched with MD5 on top, they would have to wait for it to crack- showing an SHA-1 hash. They begin cracking the SHA-1 hash. OH LOOK! 3 more SHA hashes to crack. [edit was to fix code tags]
First of all it will not be a 12,441,600 bit encryption… All it would be is a multilayered encryption. The encrypted text is still just 128/160. Read over the algorithms for MD5 and SHA1 and you will look deeper into a true algorithm. There are many other encryptions out there that will make this much more secure. Try adding things like salting to each level of encryption. DES Crypt each step after you MD5/SHA1 it, or even attempt harder bits still. You could look over SHA512 algorithm and attempt to better it, or even 1024 bit RSA encryption. You could even take another step up to 2048 bit encryption.
In final your encryption is not an algorithm but the compounding of many other people's algorithms to make an encryption that is just as easy to crack as any other because MD5 collides at something like 32 characters and SHA1 at somewhere around 40. So if you take an algorithm and hash it thousands of times you could end up with it being the same as someone putting in the letter a or the number 2.
Stick with well known encryption methods and do not attempt to hack a new one together. If anything, SALT your encryptions, making it harder to crack.
Anyways that is my rant.
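The points in the post above (the stored value is still one 128-bit digest, and a well-known salted method is the better route), as an added example that is not part of the thread. The user name, passwords and stand-in file contents are constructed, and PHP's built-in `password_hash()` is this example's choice of well-known method; the thread does not name it.

```php
<?php
// Added example, not code from the thread. Names, passwords and the
// stand-in file contents are constructed.

// The thread's scheme. $fileHash plays the role of sha1_file("login.php"),
// a value anyone holding the backups can recompute.
function stacked_hash(string $name, string $pass, string $fileHash): string
{
    $h1 = sha1($name);
    $h2 = sha1($pass);
    return md5(sha1("$h1.$h2.$fileHash"));
}

// Run $fn for about half a second and return calls per second.
function rate(callable $fn): float
{
    $n = 0;
    $start = microtime(true);
    do {
        $fn($n++);
    } while (microtime(true) - $start < 0.5);
    return $n / (microtime(true) - $start);
}

$fileHash = sha1("constructed stand-in for the contents of login.php");
$stored   = stacked_hash("alice", "cat", $fileHash);

// However many digests feed it, the stored value is a single MD5 output.
printf("stored value: %s (%d bits)\n", $stored, strlen($stored) * 4);

// All three-letter lowercase passwords: 26^3 candidates.
$keyspace = 26 ** 3;

$fast = rate(fn($i) => stacked_hash("alice", "guess$i", $fileHash));
printf("stacked SHA-1/MD5: %.0f guesses/s, keyspace covered in %.3f s\n",
       $fast, $keyspace / $fast);

// PHP's built-in password API: random per-password salt, tunable work factor.
$slow = rate(fn($i) => password_hash("guess$i", PASSWORD_DEFAULT));
printf("password_hash():   %.0f guesses/s, keyspace covered in %.0f s\n",
       $slow, $keyspace / $slow);

// What login.php would store and check instead.
$record = password_hash("cat", PASSWORD_DEFAULT);
var_dump(password_verify("cat", $record));   // correct password
var_dump(password_verify("dog", $record));   // wrong password
```

The stacked scheme also ties every stored hash to the exact bytes of login.php, so any edit to that file changes `$fileHash` and invalidates all existing logins.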
AldarHawk wrote: bl4ckc4t wrote: Let's calculate that: 2 beginning sets of SHA-1 That's 360 bits add the digital checksum of the login.php 540 bits
take that 540 times another 180 bits 97,200 bits times the 128 bit encryption of MD5 12,441,600 bits TOTAL.
That's a lot of bits. Even the NSA wouldn't be able to crack that without a few decades' work. I would have to say it would be illegal in a lot of the world but it will be damn secure ;)
Say someone got your backups. The hash they get is double dutched with MD5 on top, they would have to wait for it to crack- showing an SHA-1 hash. They begin cracking the SHA-1 hash. OH LOOK! 3 more SHA hashes to crack. [edit was to fix code tags]
First of all it will not be a 12,441,600 bit encryption… All it would be is a multilayered encryption. The encrypted text is still just 128/160. Read over the algorithms for MD5 and SHA1 and you will look deeper into a true algorithm. There are many other encryptions out there that will make this much more secure. Try adding things like salting to each level of encryption. DES Crypt each step after you MD5/SHA1 it, or even attempt harder bits still. You could look over SHA512 algorithm and attempt to better it, or even 1024 bit RSA encryption. You could even take another step up to 2048 bit encryption.
In final your encryption is not an algorithm but the compounding of many other people's algorithms to make an encryption that is just as easy to crack as any other because MD5 collides at something like 32 characters and SHA1 at somewhere around 40. So if you take an algorithm and hash it thousands of times you could end up with it being the same as someone putting in the letter a or the number 2.
Stick with well known encryption methods and do not attempt to hack a new one together. If anything, SALT your encryptions, making it harder to crack.
Anyways that is my rant.
In response -
I was up quite late last night. I meant to say if you added the bits together, there's a total of that many bits involved; I should have been more clear. I, however, did mention that it wasn't unnecessarily an algorithm; this is a proof of concept of hashing several types of hashes together to form a harder to crack md5. Although, I like your idea on looking through SHA-256 algorithm, maybe I can better it.
Bl4ckC4t