Author Topic: Algorithms and scambled characters  (Read 7057 times)

Offline pakoppany

  • Normal Members
  • *
  • Posts: 5
Algorithms and scambled characters
« on: October 01, 2006, 12:18:19 AM »
When checking out the online I see many hash algothms that can be used to create a password.

I tried to check them in the internet but I couldn't find what I was looking for.  


Questions:

1. How many different passwords (without collision) each one of the algorithms can create with 200 different characters with a password length = 16 ?  (MD4,SHA-256...). Yes, 200 DIFFERENT characters java script:ZXzc();emoticon(':wub:', 'smid_20')

2. If I change the position of the characters  in the characters field (scramble them a bit) will my already created password for a particular website change?

For example : character field contains  abcdefghijk12345  ===> creates a ficticious password  xxxyyyzzzzzyyxx.

Now I change in the character field to   12345abcdefghijk ==> the password generated will be different form the ficticuious password  xxxyyyzzzzzyyxx created earlier ?


xxxyyyzzzzzyyxx = any combination of the characters in the character field.

 


Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Algorithms and scambled characters
« Reply #1 on: October 01, 2006, 02:11:36 AM »
Number 1 requires too much math for my mind this time of night.

2) If the character field is asdfjkl; and it generates aaffls, changing it to ;lkjfdsa will result in ;;jjsl I think, so changing the characters will change the password.
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Algorithms and scambled characters
« Reply #2 on: October 02, 2006, 01:15:55 AM »
Hello,

The answer to your first question is roughly 16^200 (16 raised to the 200th power) for all hash algorithms. That is 6.6680144328798542740798517907213e+240 different passwords (there aren't that many particles in the universe). The hash algorithm you choose doesn't affect the number of passwords. Even though the algorithms generate hashes of different bit lengths, the algorithms are executed cyclically until the password length you desire is generated.

The answer to the second question, as miquelfire pointed out, is yes: order of the characters is relevant.

HTH,
Eric
« Last Edit: October 02, 2006, 01:16:53 AM by Eric H. Jung »

Offline morguns

  • Full Member
  • ***
  • Posts: 145
Algorithms and scambled characters
« Reply #3 on: October 02, 2006, 02:31:50 AM »
in redneck-speak it would translate roughly to: a crazy-insane number :)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Algorithms and scambled characters
« Reply #4 on: October 05, 2006, 09:37:03 PM »
By the way, my calculation was based on all 200 characters being unique. If they're not all unique, then the number of passwords is smaller. If they are all unique, you must be using Unicode characters  and you've probably got smiley faces and Wingdings in your passwords
« Last Edit: October 05, 2006, 09:37:22 PM by Eric H. Jung »

Offline pakoppany

  • Normal Members
  • *
  • Posts: 5
Algorithms and scambled characters
« Reply #5 on: October 05, 2006, 11:06:49 PM »
Quote from: Eric H. Jung
By the way, my calculation was based on all 200 characters being unique. If they're not all unique, then the number of passwords is smaller. If they are all unique, you must be using Unicode characters  and you've probably got smiley faces and Wingdings in your passwords

You are right, I used Unicode.

Well, the 200 characters seems to me a little too much and on top of it there are some characters that I can't print out so the new list has somed 120 and even then I bet I have some unicode.
The list I build was using the normal list a-z 0-9 and so on and added some from the charmap.

Thanks for the help.

Pako


Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Algorithms and scambled characters
« Reply #6 on: October 06, 2006, 12:25:49 PM »
Eric - I recall a discussion - and I believe there is a FR for this - that you thought it would be possible to determine the min/max password length requirements for sites when creating passwords...

Is it even remotely possible to do the same thing with allowed/illegal characters? That is the biggest problem I have when setting up new accounts. Most sites that are problematic don't even make it easy to find out what characters are considered illegal - and I've even run into a few that don't allow upper case alpha characters (stupid, stupid)...

Anyway, this is one of my pet peeves with online accounts, but nothing to do with PWM - unless, of course, it *could* detect this somehow. I'm not holding out much hope that it can, though...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Algorithms and scambled characters
« Reply #7 on: October 06, 2006, 03:10:56 PM »
Quote
Is it even remotely possible to do the same thing with allowed/illegal characters?
Unfortunately not. The only possibility is something that ebreyed recommended once in another thread: create an online database of characters allowed at various sites. PasswordMaker users would contribute to the database, and PasswordMaker would query it when you setup a new account.

It's way too much work for little return, so I'm not really interested in that solution.

PasswordMaker Forums

Algorithms and scambled characters
« Reply #7 on: October 06, 2006, 03:10:56 PM »