 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Sat 08 Mar 2014, 11:47 All times are UTC - 4 |
 Forum index » Off-Topic Area » Programming |
|
Need script that generates password using MD5sum [solved]
|
 
|
View previous topic :: View next topic |
| Page 1 of 1 [14 Posts] |
| Author | Message | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Barkin
 Joined: 12 Aug 2011 Posts: 592 |
I’m trying produce a program to automate my version of creating passwords which uses the MD5sum function twice. I create a password for an encrypted file which is derived from the file_name using the following formula … MD5(MD5(file_name+string1)string2) i.e. the hexadecimal result of MD5(file_name+string1) is treated as text string, appended with string2, then a MD5 is calculated of that concatenated string, e.g. … file_name = “secret” String 1 = “puppy” String 2 = “Linux” MD5(MD5(file_name+string1)string2) => MD5(MD5(secretpuppy)Linux) => MD5(34b89fb99e33b530fb8719728db4618bLinux) => fe2849a306625b1d2b08c05c712365b2 i.e. the password for file called “secret” is “fe2849a306625b1d2b08c05c712365b2” I know it is possible to calculate MD5 from the CLI in puppy , http://puppylinux.org/wikka/md5sum but don’t know how to write a script to automate the above process. [ PS as a final twist I would like to substitute the first and last characters of the final MD5 with the upper case letters “A” and “Z” , giving "Ae2849a306625b1d2b08c05c712365bZ" , but that’s optional ] Last edited by Barkin on Sat 17 Nov 2012, 01:12; edited 1 time in total |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
 |
|||||||||||||||||||||||||||||||||
SFR
 Joined: 26 Oct 2011 Posts: 837 |
Hey Barkin. Could be something like this?
You can call this script from a terminal, eg: script_name secret puppy Linux Greetings! _________________ [O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource Omnia mea mecum porto. |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
Thanks SFR, my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when imputing string1 and string2 ). So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct. BTW I’m a complete novice at this  , how do you get a bash scrip to run from the command line ?. I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).
Last edited by Barkin on Mon 05 Nov 2012, 18:10; edited 1 time in total |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
SFR
Joined: 26 Oct 2011 Posts: 837 |
Ok, so it'll be like this:
Did you put "./" (without quotes) before the name of the scirpt? If you're trying to run a script that is not located in one of the usual dirs for binaries (/bin or /usr/bin or /sbin etc.; you can see the full list by echo $PATH) then you have to provide full path to the script or, if you are already in the directory where the script is, it's enough:
PS. And don't put spaces in the filename of the script. 
Greetings! _________________ [O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource Omnia mea mecum porto. |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
No, that's where I was going wrong ... Thanks very much SFR : it would have taken me a month of Sundays to work that out myself.
|
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
New and improved encryption method , convert everything into md5s but treat md5s as strings and add a sort of shuffle, e.g. ... secret 5ebe2294ecd0e0f08eab7690d2a6ee69 puppy 9095eae491e5c0c17a2ef89477393ec4 Linux edc9f0a5a5d57797bf68e37364743831 secretpuppy 5ebe2294ecd0e0f08eab7690d2a6ee699095eae491e5c0c17a2ef89477393ec4 md5(secretpuppy) 67a2d6c8963c9e1418fc295d44082c6e Least significant half of md5(secretpuppy) 18fc295d44082c6e Least significant half of Linux bf68e37364743831 Combine halves to create md5 lookalike 18fc295d44082c6ebf68e37364743831 Do an md5 of the above md5 lookalike bc81017d8c78f0adcb42187a8b30b282 optional twist Ac81017d8c78f0adcb42187a8b30b28Z [ NB: in practice the values for String1 & 2 should not be dictionary words like "puppy" and "Linux", and should be more than 9 characters long. If possible include upper and lower case characters and some numbers ].
|
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
SFR
Joined: 26 Oct 2011 Posts: 837 |
Hey Barkin. Nice one, I didn't notice before how you've extended the script. I've been thinking how to increase password's strenght, to go beyond hex digits and AZ twist, and figured out that uuencode could be a good choice to produce a string consisting of upper case alpha + special characters (optional). Check it out:
Greetings!
_________________ [O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource Omnia mea mecum porto. |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
vovchik
 Joined: 23 Oct 2006 Posts: 1285 Location: Ukraine |
Dear guys and gals, i did this thing some time ago and it works OK: http://www.murga-linux.com/puppy/viewtopic.php?t=53478 With kind regards, vovchik |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
Re: SFR The uuencode really obfuscates matters, which is a good thing, (the computer equivalent of Latin :¬). but there’s no way I could do that manually, e.g. if I had to read files I’d encrypted using a borrowed / public computer which only had Windows OS. I have MD5 calculators which work in-browser so can be used on any OS which has an internet browser which has javascript. So simple MD5 manipulations I could perform on any computer, even if I didn’t have access to the internet. Reading up on this I’ve discovered adding computational effort is the secret to making encryption keys difficult to crack , see PBKDF2 ... https://en.wikipedia.org/wiki/PBKDF2 ) So some sort of iterative process where the output is recycled as the input thousands of times, (again I couldn't do this manually). The new added twist I thought of was rotating the characters of the salt, e.g. “puppy” ... MD5(MD5(MD5(MD5(MD5(MD5(MD5(secretpuppy)ypupp)pypup)ppypu)uppyp)puppy)ypupp) the iterations are not limited by the length of the string “puppy”, (or its 32 character MD5), the rotation of the characters just loops round back to the starting position. Re: vovchik The output of bpwgen produces different results for the same input string. If I remembered my passphrase was derived from "i love my cat" putting that string into bpwgen would probably not return the encrypted version actually I used as a password, ( maybe successful match achieved after repeated tries of bpwgen ).
|
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
vovchik
Joined: 23 Oct 2006 Posts: 1285 Location: Ukraine |
Dear Barkin, You can change my source for bpwgen not to use randimizing or try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html. With kind regards, vovchik PS. Should I post a binary? |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
Thanks for that: I didn't know an MD5 function could be called by a BASIC program. |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
SFR
Joined: 26 Oct 2011 Posts: 837 |
I have bpwgen in my collection since a year maybe...and completely forgot about it!
Thanks for reminding me, really cool app, i love all kind of 1337 G3n=R@+0r$. (I have the other one too).
I don't clearly understand, so the limit will be fixed or 'String's_Lenght +1' ? Anyway, I was tinkering a little on this subject and ended up with this (I made it stand alone); it covers options no.1 (fixed iterations):
But on the other hand, such a twist also wouldn't be so easy to perform manually, would it?
Greetings!
_________________ [O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource Omnia mea mecum porto. |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
That’s exactly what I had in mind, excellent, the iterations are not limited by the salt string length. I only used the short word “puppy” as a salt as it was easier to show that rotation twist just keeps rotating. I’ve tweaked your code to convert the password (file_name) and salt into MD5, and only output the final result as 100's - 1000's iterations are required for good security, (as many iterations that can be done in about a second is a practical compromise) ...
Yes, it would even be difficult for the computer to do 1000's of iterations, that’s the point : making the process “computationally expensive” makes cracking the encryption it much more time-consuming, hopefully impractical amount of time is required. The simpler encryption method I described at the start of this thread is crackable in tens of days (off-line) if the method is known by the cracker and single dictionary words have been used as the salts. Incorporating a thousand iterations extends that time to decades , even if single dictionary words are used as salts, (which is not a good idea). [ a dictionary crack , (trying all of the approx 200,000 words in in a standard dictionary), takes a few seconds , same time for precomputed (unsalted) MD5s of single dictionary words, see attached screengrab from http://www.md5decrypter.co.uk/ ].
|
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
Barkin
Joined: 12 Aug 2011 Posts: 592 |
|
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||
Need script that generates password using MD5sum [solved]
| Page 1 of 1 [14 Posts] |
|
|
View previous topic :: View next topic |
|
Forum index » Off-Topic Area » Programming |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group