Need script that generates password using MD5sum [solved]
Need script that generates password using MD5sum [solved]
I’m trying produce a program to automate my version of creating passwords which uses the MD5sum function twice.
I create a password for an encrypted file which is derived from the file_name using the following formula …
MD5(MD5(file_name+string1)string2)
i.e. the hexadecimal result of MD5(file_name+string1) is treated as text string, appended with string2, then a MD5 is calculated of that concatenated string, e.g. …
file_name = “secret
I create a password for an encrypted file which is derived from the file_name using the following formula …
MD5(MD5(file_name+string1)string2)
i.e. the hexadecimal result of MD5(file_name+string1) is treated as text string, appended with string2, then a MD5 is calculated of that concatenated string, e.g. …
file_name = “secret
Last edited by Barkin on Sat 17 Nov 2012, 05:12, edited 1 time in total.
Hey Barkin.
Could be something like this?
You can call this script from a terminal, eg: script_name secret puppy Linux
Greetings!
Could be something like this?
Code: Select all
#! /bin/bash
MYNAME="$(basename $(readlink -e $0))"
[ "$#" -lt 3 ] && echo -e "Usage:\n$MYNAME <filename> <string1> <string2>" && exit 1
file_name="$1"
string1="$2"
string2="$3"
THE_SUM=$(echo -n "$(echo -n "$file_name$string1" | md5sum | cut -f1 -d ' ')$string2" | md5sum | cut -f1 -d ' ')
# And the final (optional) twist ;)
THE_TWISTED_SUM="A${THE_SUM:1:30}Z"
echo "$THE_TWISTED_SUM"
Greetings!
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]
[b][color=green]Omnia mea mecum porto.[/color][/b]
Thanks SFR,SFR wrote:Hey Barkin.
Could be something like this?
my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when imputing string1 and string2 ).
So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct.
BTW I’m a complete novice at this , how do you get a bash scrip to run from the command line ?. I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).
Last edited by Barkin on Mon 05 Nov 2012, 22:10, edited 1 time in total.
Ok, so it'll be like this:Barkin wrote:my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when imputing string1 and string2 ).
So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct.
Code: Select all
#! /bin/bash
MYNAME="$(basename $(readlink -e $0))"
[ "$#" -lt 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1
file_name="$1"
string1="puppy"
string2="Linux"
THE_SUM=$(echo -n "$(echo -n "$file_name$string1" | md5sum | cut -f1 -d ' ')$string2" | md5sum | cut -f1 -d ' ')
# And the final (optional) twist ;)
THE_TWISTED_SUM="A${THE_SUM:1:30}Z"
echo "$THE_TWISTED_SUM"
Did you put "./" (without quotes) before the name of the scirpt?Barkin wrote:BTW I’m a complete novice at this , how do you get a bash scrip to run from the command line. I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).
If you're trying to run a script that is not located in one of the usual dirs for binaries (/bin or /usr/bin or /sbin etc.; you can see the full list by echo $PATH) then you have to provide full path to the script or, if you are already in the directory where the script is, it's enough:
Code: Select all
./script_name
Greetings!
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]
[b][color=green]Omnia mea mecum porto.[/color][/b]
No, that's where I was going wrong ...SFR wrote:Did you put "./" (without quotes) before the name of the scirpt?
Thanks very much SFR : it would have taken me a month of Sundays to work that out myself.
- Attachments
-
- yesss.png
- screengrab
- (4.47 KiB) Downloaded 788 times
New and improved encryption method , convert everything into md5s but treat md5s as strings
and add a sort of shuffle, e.g. ...
secret
5ebe2294ecd0e0f08eab7690d2a6ee69
puppy
9095eae491e5c0c17a2ef89477393ec4
Linux
edc9f0a5a5d57797bf68e37364743831
secretpuppy
5ebe2294ecd0e0f08eab7690d2a6ee699095eae491e5c0c17a2ef89477393ec4
md5(secretpuppy)
67a2d6c8963c9e1418fc295d44082c6e
Least significant half of md5(secretpuppy)
18fc295d44082c6e
Least significant half of Linux
bf68e37364743831
Combine halves to create md5 lookalike
18fc295d44082c6ebf68e37364743831
Do an md5 of the above md5 lookalike
bc81017d8c78f0adcb42187a8b30b282
optional twist
Ac81017d8c78f0adcb42187a8b30b28Z
[ NB: in practice the values for String1 & 2 should not be dictionary words like "puppy" and "Linux", and should be more than 9 characters long.
If possible include upper and lower case characters and some numbers ].
and add a sort of shuffle, e.g. ...
secret
5ebe2294ecd0e0f08eab7690d2a6ee69
puppy
9095eae491e5c0c17a2ef89477393ec4
Linux
edc9f0a5a5d57797bf68e37364743831
secretpuppy
5ebe2294ecd0e0f08eab7690d2a6ee699095eae491e5c0c17a2ef89477393ec4
md5(secretpuppy)
67a2d6c8963c9e1418fc295d44082c6e
Least significant half of md5(secretpuppy)
18fc295d44082c6e
Least significant half of Linux
bf68e37364743831
Combine halves to create md5 lookalike
18fc295d44082c6ebf68e37364743831
Do an md5 of the above md5 lookalike
bc81017d8c78f0adcb42187a8b30b282
optional twist
Ac81017d8c78f0adcb42187a8b30b28Z
[ NB: in practice the values for String1 & 2 should not be dictionary words like "puppy" and "Linux", and should be more than 9 characters long.
If possible include upper and lower case characters and some numbers ].
Code: Select all
#! /bin/bash
MYNAME="$(basename $(readlink -e $0))"
[ "$#" -lt 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1
file_name="$1"
String1="puppy"
String2="Linux"
# make md5 sums of file name , String1 & String2
sumFN="$(echo -n $file_name | md5sum | cut -f1 -d ' ')"
sumS1="$(echo -n $String1 | md5sum | cut -f1 -d ' ')"
sumS2="$(echo -n $String2 | md5sum | cut -f1 -d ' ')"
# note: in this program md5s are treated as strings rather than hexadecimal numbers
# concatenate md5s of the file name and md5 of String1 and make an md5 of this 64 character string
sumFNS1="$(echo -n "$sumFN$sumS1" | md5sum | cut -f1 -d ' ')"
# get the least significant half of the md5(md5(file_name)+md5(String1))
LHsumFNS1="${sumFNS1:16:16}"
# get the least significant half of the md5 of String2
LHsumS2="${sumS2:16:16}"
# concatenate the two least significant half md5s to create a 32 character string
# which only contains hexadecimal characters so it looks like an md5, but isn't, (sneaky),
# then make an md5 of this 32 character string
sumFIN="$(echo -n "$LHsumFNS1$LHsumS2" | md5sum | cut -f1 -d ' ')"
# optional twist, substituting the first and last characters with upper case A & Z (or add what u like)
twisted="A${sumFIN:1:30}Z"
# output results
echo "Final md5 " "$sumFIN"
echo "twisted " "$twisted"
- Attachments
-
- mdcry secret.png
- (5.77 KiB) Downloaded 717 times
Hey Barkin.
Nice one, I didn't notice before how you've extended the script.
I've been thinking how to increase password's strenght, to go beyond hex digits and AZ twist, and figured out that uuencode could be a good choice to produce a string consisting of upper case alpha + special characters (optional).
Check it out:
Greetings!
Nice one, I didn't notice before how you've extended the script.
I've been thinking how to increase password's strenght, to go beyond hex digits and AZ twist, and figured out that uuencode could be a good choice to produce a string consisting of upper case alpha + special characters (optional).
Check it out:
Code: Select all
#! /bin/bash
MYNAME="$(basename $0)" # 'readlink' wasn't necessary here, my bad...
[ "$#" -ne 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1
file_name="$1"
String1="puppy"
String2="Linux"
# make md5 sums of file name , String1 & String2
sumFN="$(echo -n $file_name | md5sum | cut -f1 -d ' ')"
sumS1="$(echo -n $String1 | md5sum | cut -f1 -d ' ')"
sumS2="$(echo -n $String2 | md5sum | cut -f1 -d ' ')"
# note: in this program md5s are treated as strings rather than hexadecimal numbers
# concatenate md5s of the file name and md5 of String1 and make an md5 of this 64 character string
sumFNS1="$(echo -n "$sumFN$sumS1" | md5sum | cut -f1 -d ' ')"
# get the least significant half of the md5(md5(file_name)+md5(String1))
LHsumFNS1="${sumFNS1:16:16}"
# get the least significant half of the md5 of String2
LHsumS2="${sumS2:16:16}"
# concatenate the two least significant half md5s to create a 32 character string
# which only contains hexadecimal characters so it looks like an md5, but isn't, (sneaky),
# then make an md5 of this 32 character string
sumFIN="$(echo -n "$LHsumFNS1$LHsumS2" | md5sum | cut -f1 -d ' ')"
# uuencode doubled sumFIN and trim out all digits - they're already present in md5sum
uu_TWIST="$(echo $sumFIN$sumFIN | uuencode - | awk 'NR==2' | tr -d '[:digit:]')"
# Optional, if special characters are not desired:
#uu_TWIST="$(echo $sumFIN$sumFIN | uuencode - | awk 'NR==2' | tr -cd '[:alpha:]')"
# Mix even chars from sumFIN (in reversed order) with first 16 chars from uu_TWIST
MIXED=
for i in {0..15}; do
MIXED="$MIXED""${sumFIN:$((31-$i*2)):1}${uu_TWIST:$i:1}"
done
# optional twist, substituting the first and last characters with upper case A & Z (or add what u like)
#twisted="A${sumFIN:1:30}Z"
twisted="A${MIXED:1:30}Z"
# output results
echo -e "Final md5 \t\t\t" "$sumFIN"
echo -e "UU_twist (alone) \t\t" "$uu_TWIST"
echo -e "Final md5 mixed with UU_twist \t" "$MIXED"
echo -e "twisted \t\t\t" "$twisted"
- Attachments
-
- screenshot.png
- (89.81 KiB) Downloaded 742 times
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]
[b][color=green]Omnia mea mecum porto.[/color][/b]
Dear guys and gals,
i did this thing some time ago and it works OK:
http://www.murga-linux.com/puppy/viewtopic.php?t=53478
With kind regards,
vovchik
i did this thing some time ago and it works OK:
http://www.murga-linux.com/puppy/viewtopic.php?t=53478
With kind regards,
vovchik
Re: SFR
The uuencode really obfuscates matters, which is a good thing, (the computer equivalent of Latin :¬).
but there’s no way I could do that manually, e.g. if I had to read files I’d encrypted using a borrowed / public computer which only had Windows OS.
I have MD5 calculators which work in-browser so can be used on any OS which has an internet browser which has javascript. So simple MD5 manipulations I could perform on any computer, even if I didn’t have access to the internet.
Reading up on this I’ve discovered adding computational effort is the secret to making encryption keys difficult to crack , see PBKDF2 ... https://en.wikipedia.org/wiki/PBKDF2 )
So some sort of iterative process where the output is recycled as the input thousands of times, (again I couldn't do this manually).
The new added twist I thought of was rotating the characters of the salt, e.g. “puppy
The uuencode really obfuscates matters, which is a good thing, (the computer equivalent of Latin :¬).
but there’s no way I could do that manually, e.g. if I had to read files I’d encrypted using a borrowed / public computer which only had Windows OS.
I have MD5 calculators which work in-browser so can be used on any OS which has an internet browser which has javascript. So simple MD5 manipulations I could perform on any computer, even if I didn’t have access to the internet.
Reading up on this I’ve discovered adding computational effort is the secret to making encryption keys difficult to crack , see PBKDF2 ... https://en.wikipedia.org/wiki/PBKDF2 )
So some sort of iterative process where the output is recycled as the input thousands of times, (again I couldn't do this manually).
The new added twist I thought of was rotating the characters of the salt, e.g. “puppy
- Attachments
-
- output of ''bpwgen'' has inconsistent results.png
- Screengrab of console showing different bpwgen results for constant input string
- (7.31 KiB) Downloaded 745 times
Dear Barkin,
You can change my source for bpwgen not to use randimizing or try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.
With kind regards,
vovchik
PS. Should I post a binary?
You can change my source for bpwgen not to use randimizing or try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.
With kind regards,
vovchik
PS. Should I post a binary?
Thanks for that: I didn't know an MD5 function could be called by a BASIC program.vovchik wrote:... try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.
I have bpwgen in my collection since a year maybe...and completely forgot about it!vovchik wrote:http://www.murga-linux.com/puppy/viewtopic.php?t=53478
Thanks for reminding me, really cool app, i love all kind of 1337 G3n=R@+0r$.
(I have the other one too).
Barkin wrote:The new added twist I thought of was rotating the characters of the salt, e.g. “puppy
- Attachments
-
- screenshot.png
- (37.14 KiB) Downloaded 624 times
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]
[b][color=green]Omnia mea mecum porto.[/color][/b]
That’s exactly what I had in mind, excellent, the iterations are not limited by the salt string length. I only used the short word “puppySFR wrote:I don't clearly understand, so the limit will be fixed or 'String's_Lenght +1' ?
Anyway, I was tinkering a little on this subject and ended up with this (I made it stand alone); it covers options no.1 (fixed iterations):
- Attachments
-
- rotmd5-tweaked.png
- Screengrab of output of rotmd5t, tweaked version of rotmd5.
- (2.77 KiB) Downloaded 620 times
-
- reverse MD5 lookup for dictionary words is possible.png
- screengrab from http://www.md5decrypter.co.uk/
- (10.68 KiB) Downloaded 612 times
http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/nakedsecurity.sophos.com wrote:You simply must use many iterations of your chosen hash, to slow down crackers by making brute-force attacks harder by a factor as big as the number of iterations.