Need script that generates password using MD5sum [solved]

For discussions about programming, programming questions/advice, and projects that don't really have anything to do with Puppy.
Post Reply
Message
Author
User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

Need script that generates password using MD5sum [solved]

#1 Post by Barkin »

I’m trying produce a program to automate my version of creating passwords which uses the MD5sum function twice.

I create a password for an encrypted file which is derived from the file_name using the following formula …

MD5(MD5(file_name+string1)string2)

i.e. the hexadecimal result of MD5(file_name+string1) is treated as text string, appended with string2, then a MD5 is calculated of that concatenated string, e.g. …

file_name = “secret
Last edited by Barkin on Sat 17 Nov 2012, 05:12, edited 1 time in total.

User avatar
SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#2 Post by SFR »

Hey Barkin.

Could be something like this?

Code: Select all

#! /bin/bash

MYNAME="$(basename $(readlink -e $0))"

[ "$#" -lt 3 ] && echo -e "Usage:\n$MYNAME <filename> <string1> <string2>" && exit 1

file_name="$1"
string1="$2"
string2="$3"

THE_SUM=$(echo -n "$(echo -n "$file_name$string1" | md5sum | cut -f1 -d ' ')$string2" | md5sum | cut -f1 -d ' ')

# And the final (optional) twist ;)
THE_TWISTED_SUM="A${THE_SUM:1:30}Z"

echo "$THE_TWISTED_SUM"
You can call this script from a terminal, eg: script_name secret puppy Linux

Greetings!
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#3 Post by Barkin »

SFR wrote:Hey Barkin.
Could be something like this?
Thanks SFR,

my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when imputing string1 and string2 ).

So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct.

BTW I’m a complete novice at this :oops: , how do you get a bash scrip to run from the command line ?. I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).
Last edited by Barkin on Mon 05 Nov 2012, 22:10, edited 1 time in total.

User avatar
SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#4 Post by SFR »

Barkin wrote:my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when imputing string1 and string2 ).

So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct.
Ok, so it'll be like this:

Code: Select all

#! /bin/bash 

MYNAME="$(basename $(readlink -e $0))"

[ "$#" -lt 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1 

file_name="$1" 
string1="puppy"
string2="Linux" 

THE_SUM=$(echo -n "$(echo -n "$file_name$string1" | md5sum | cut -f1 -d ' ')$string2" | md5sum | cut -f1 -d ' ') 

# And the final (optional) twist ;) 
THE_TWISTED_SUM="A${THE_SUM:1:30}Z" 

echo "$THE_TWISTED_SUM"
Barkin wrote:BTW I’m a complete novice at this :oops: , how do you get a bash scrip to run from the command line. I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).
Did you put "./" (without quotes) before the name of the scirpt?
If you're trying to run a script that is not located in one of the usual dirs for binaries (/bin or /usr/bin or /sbin etc.; you can see the full list by echo $PATH) then you have to provide full path to the script or, if you are already in the directory where the script is, it's enough:

Code: Select all

./script_name
PS. And don't put spaces in the filename of the script. :wink:

Greetings!
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#5 Post by Barkin »

SFR wrote:Did you put "./" (without quotes) before the name of the scirpt?
No, that's where I was going wrong ...

Thanks very much SFR : it would have taken me a month of Sundays to work that out myself.
Attachments
yesss.png
screengrab
(4.47 KiB) Downloaded 788 times

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#6 Post by Barkin »

New and improved encryption method , convert everything into md5s but treat md5s as strings
and add a sort of shuffle, e.g. ...

secret
5ebe2294ecd0e0f08eab7690d2a6ee69

puppy
9095eae491e5c0c17a2ef89477393ec4

Linux
edc9f0a5a5d57797bf68e37364743831

secretpuppy
5ebe2294ecd0e0f08eab7690d2a6ee699095eae491e5c0c17a2ef89477393ec4

md5(secretpuppy)
67a2d6c8963c9e1418fc295d44082c6e

Least significant half of md5(secretpuppy)
18fc295d44082c6e

Least significant half of Linux
bf68e37364743831

Combine halves to create md5 lookalike
18fc295d44082c6ebf68e37364743831

Do an md5 of the above md5 lookalike
bc81017d8c78f0adcb42187a8b30b282

optional twist
Ac81017d8c78f0adcb42187a8b30b28Z


[ NB: in practice the values for String1 & 2 should not be dictionary words like "puppy" and "Linux", and should be more than 9 characters long.
If possible include upper and lower case characters and some numbers ].

Code: Select all

#! /bin/bash

MYNAME="$(basename $(readlink -e $0))"

[ "$#" -lt 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1

file_name="$1"
String1="puppy"
String2="Linux"

# make md5 sums of file name , String1 & String2  
sumFN="$(echo -n $file_name | md5sum | cut -f1 -d ' ')"
sumS1="$(echo -n $String1 | md5sum | cut -f1 -d ' ')"
sumS2="$(echo -n $String2 | md5sum | cut -f1 -d ' ')"

# note: in this program md5s are treated as strings rather than hexadecimal numbers 

# concatenate md5s of the file name and md5 of String1 and make an md5 of this 64 character string 
sumFNS1="$(echo -n "$sumFN$sumS1" | md5sum | cut -f1 -d ' ')"

# get the least significant half of the md5(md5(file_name)+md5(String1))  
LHsumFNS1="${sumFNS1:16:16}"

# get the least significant half of the md5 of String2 
LHsumS2="${sumS2:16:16}"

# concatenate the two least significant half md5s to create a 32 character string
# which only contains hexadecimal characters so it looks like an md5, but isn't, (sneaky),
# then make an md5 of this 32 character string
sumFIN="$(echo -n "$LHsumFNS1$LHsumS2" | md5sum | cut -f1 -d ' ')"

# optional twist, substituting the first and last characters with upper case A & Z (or add what u like) 
twisted="A${sumFIN:1:30}Z"

# output results 
echo "Final md5 " "$sumFIN"
echo "twisted   " "$twisted"
Attachments
mdcry secret.png
(5.77 KiB) Downloaded 717 times

User avatar
SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#7 Post by SFR »

Hey Barkin.

Nice one, I didn't notice before how you've extended the script.

I've been thinking how to increase password's strenght, to go beyond hex digits and AZ twist, and figured out that uuencode could be a good choice to produce a string consisting of upper case alpha + special characters (optional).

Check it out:

Code: Select all

#! /bin/bash 

MYNAME="$(basename $0)"		# 'readlink' wasn't necessary here, my bad...

[ "$#" -ne 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1 

file_name="$1"
String1="puppy"
String2="Linux"

# make md5 sums of file name , String1 & String2  
sumFN="$(echo -n $file_name | md5sum | cut -f1 -d ' ')" 
sumS1="$(echo -n $String1 | md5sum | cut -f1 -d ' ')" 
sumS2="$(echo -n $String2 | md5sum | cut -f1 -d ' ')" 

# note: in this program md5s are treated as strings rather than hexadecimal numbers 

# concatenate md5s of the file name and md5 of String1 and make an md5 of this 64 character string 
sumFNS1="$(echo -n "$sumFN$sumS1" | md5sum | cut -f1 -d ' ')" 

# get the least significant half of the md5(md5(file_name)+md5(String1))  
LHsumFNS1="${sumFNS1:16:16}" 

# get the least significant half of the md5 of String2 
LHsumS2="${sumS2:16:16}" 

# concatenate the two least significant half md5s to create a 32 character string 
# which only contains hexadecimal characters so it looks like an md5, but isn't, (sneaky), 
# then make an md5 of this 32 character string 
sumFIN="$(echo -n "$LHsumFNS1$LHsumS2" | md5sum | cut -f1 -d ' ')" 


# uuencode doubled sumFIN and trim out all digits - they're already present in md5sum
uu_TWIST="$(echo $sumFIN$sumFIN | uuencode - | awk 'NR==2' | tr -d '[:digit:]')"
# Optional, if special characters are not desired:
#uu_TWIST="$(echo $sumFIN$sumFIN | uuencode - | awk 'NR==2' | tr -cd '[:alpha:]')"

# Mix even chars from sumFIN (in reversed order) with first 16 chars from uu_TWIST
MIXED=
for i in {0..15}; do
  MIXED="$MIXED""${sumFIN:$((31-$i*2)):1}${uu_TWIST:$i:1}"
done

# optional twist, substituting the first and last characters with upper case A & Z (or add what u like) 
#twisted="A${sumFIN:1:30}Z" 
twisted="A${MIXED:1:30}Z"

# output results 
echo -e "Final md5 \t\t\t" "$sumFIN"
echo -e "UU_twist (alone) \t\t" "$uu_TWIST"
echo -e "Final md5 mixed with UU_twist \t" "$MIXED"
echo -e "twisted \t\t\t" "$twisted"
Greetings!
Attachments
screenshot.png
(89.81 KiB) Downloaded 742 times
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]

User avatar
vovchik
Posts: 1507
Joined: Tue 24 Oct 2006, 00:02
Location: Ukraine

#8 Post by vovchik »

Dear guys and gals,

i did this thing some time ago and it works OK:

http://www.murga-linux.com/puppy/viewtopic.php?t=53478

With kind regards,
vovchik

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#9 Post by Barkin »

Re: SFR

The uuencode really obfuscates matters, which is a good thing, (the computer equivalent of Latin :¬).

but there’s no way I could do that manually, e.g. if I had to read files I’d encrypted using a borrowed / public computer which only had Windows OS.

I have MD5 calculators which work in-browser so can be used on any OS which has an internet browser which has javascript. So simple MD5 manipulations I could perform on any computer, even if I didn’t have access to the internet.

Reading up on this I’ve discovered adding computational effort is the secret to making encryption keys difficult to crack , see PBKDF2 ... https://en.wikipedia.org/wiki/PBKDF2 )

So some sort of iterative process where the output is recycled as the input thousands of times, (again I couldn't do this manually).
The new added twist I thought of was rotating the characters of the salt, e.g. “puppy
Attachments
output of ''bpwgen'' has inconsistent results.png
Screengrab of console showing different bpwgen results for constant input string
(7.31 KiB) Downloaded 745 times

User avatar
vovchik
Posts: 1507
Joined: Tue 24 Oct 2006, 00:02
Location: Ukraine

#10 Post by vovchik »

Dear Barkin,

You can change my source for bpwgen not to use randimizing or try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.

With kind regards,
vovchik

PS. Should I post a binary?

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#11 Post by Barkin »

vovchik wrote:... try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.
Thanks for that: I didn't know an MD5 function could be called by a BASIC program.

User avatar
SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#12 Post by SFR »

I have bpwgen in my collection since a year maybe...and completely forgot about it! :oops:
Thanks for reminding me, really cool app, i love all kind of 1337 G3n=R@+0r$.
(I have the other one too).
Barkin wrote:The new added twist I thought of was rotating the characters of the salt, e.g. “puppy
Attachments
screenshot.png
(37.14 KiB) Downloaded 624 times
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#13 Post by Barkin »

SFR wrote:I don't clearly understand, so the limit will be fixed or 'String's_Lenght +1' ?

Anyway, I was tinkering a little on this subject and ended up with this (I made it stand alone); it covers options no.1 (fixed iterations):
That’s exactly what I had in mind, excellent, the iterations are not limited by the salt string length. I only used the short word “puppy
Attachments
rotmd5-tweaked.png
Screengrab of output of rotmd5t, tweaked version of rotmd5.
(2.77 KiB) Downloaded 620 times
reverse MD5 lookup for dictionary words is possible.png
screengrab from http://www.md5decrypter.co.uk/
(10.68 KiB) Downloaded 612 times

User avatar
Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#14 Post by Barkin »

nakedsecurity.sophos.com wrote:You simply must use many iterations of your chosen hash, to slow down crackers by making brute-force attacks harder by a factor as big as the number of iterations.
http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/

Post Reply