Since I wrote my last message (1h 10 minutes ago) I wrote a quick'n'dirty
program that looks for alternate strings. Guess what, it finds the string so
fast that even with SET DECIMALS TO 18 I couldn't measure the execution time.
I used my name as a password and padded it with ABCDE up to 20 chars length.
Alternate string found was "Bu" - this generates the same hash.
-----------------------------------------------------------------
str = "Grigore DolghinABCDE"
nResult = CalculateHash(str)
MessageBox("The resulting integer value is " + Transform(nResult))
MessageBox("Looking for a string that generates the same final output...")
FindAlternateString(nResult)

* Hash under test: each character reseeds RAND() with Int(previous value * Asc(char))
Function CalculateHash(str)
    nVal = 1
    For lnI = 1 To Len(str)
        char = Substr(str,lnI,1)
        cod = nVal * Asc(char)
        nVal = Rand(Int(cod))
    EndFor
    Return Int(nVal * 10000000)
EndFunc

* Tries two-character candidates Chr(j) + Chr(k) and stops at the first match
Function FindAlternateString(nHash)
    Local Success
    For i = 0 To 20 && string length
        For j = 65 To 122 && A-z with whatever is in between
            str = Chr(j)
            Success = IterateTroughChars(str, nHash)
            If Success
                Exit
            EndIf
        EndFor
        If Success
            Exit
        EndIf
    EndFor
EndFunc

* Appends each character 65..122 to str; returns .T. when the hash matches nHash
Function IterateTroughChars(str, nHash)
    Local Success
    For k = 65 To 122
        tmpStr = str + Chr(k)
        If CalculateHash(tmpStr) = nHash
            MessageBox("Alternate string found: " + tmpStr)
            Success = .T.
            Exit
        EndIf
    EndFor
    Return Success
EndFunc
-----------------------------------------------------------------
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Gérard Lochon
Sent: Thursday, December 22, 2011 1:58 AM
To: [email protected]
Subject: Re: Alternatives to storing a user's password in your database
> ----- Original Message -----
> From: "John Weller" <[email protected]>
> Could you explain why there can only be 65128 different values?
At the first turn, you have 256 seeding possibilities. You randomize.
Then you multiply this value (between 0 and 1) by an ASCII code (between 0
and 255), then take the integer of it;
the minimum value of the result is 0 * 0 => 0, and the maximum value is 1 *
255 => 255, so this integer has also only 256 possibilities!
At each turn you don't increase the number of possibilities for seeding
because you take the integer at the previous turn, and by induction it will
be so until the end.
So, to calculate the number of possibilities, it is sufficient to examine
turn 1 and 2 (without integering the result as if turn 2 was turn 20).
[VFP]
CREATE CURSOR test (s1 c(1),s2 c(1), r1 n(10,8),r2 n(13,8))
FOR i = 0 TO 255
    FOR j = 0 TO 255
        INSERT INTO test VALUES (CHR(i),CHR(j),RAND(i),r1*j)
    ENDF
ENDF
SELECT COUNT(distinct r2) FROM test
[/VFP]
Oops, sorry it was 65281, not 65128; it's better :o))))))))))))))))))
Gérard.
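
Added example, not part of the original thread: a Python model of the CalculateHash posted at the top of this message, showing the integer-seed bottleneck described above and why a long password hashes the same as a single character. Assumptions: Python's random.Random(seed) stands in for VFP's RAND(seed), so the numbers differ from VFP's while the structure is the same; final_seed, one_char_equivalent, reachable_hashes and SAMPLES are names introduced here.

```python
import random
from functools import lru_cache

# Constructed sample inputs; the first is the password used in the message above.
SAMPLES = ["Grigore DolghinABCDE", "correct horse battery", "Tr0ub4dor&3", "x"]

@lru_cache(maxsize=None)
def rand(seed: int) -> float:
    # Assumption: stand-in for VFP RAND(seed). Only "same seed -> same value
    # in [0, 1)" matters, so outputs differ from VFP but the structure does not.
    return random.Random(seed).random()

def calculate_hash(s: str) -> int:
    """Line-for-line model of the posted CalculateHash."""
    n_val = 1.0
    for ch in s:
        n_val = rand(int(n_val * ord(ch)))   # Rand(Int(cod))
    return int(n_val * 10_000_000)

def final_seed(s: str) -> int:
    """Seed passed to the last RAND() call; the only state the result depends on."""
    if not s:
        raise ValueError("empty input never reaches RAND()")
    n_val, seed = 1.0, 0
    for ch in s:
        seed = int(n_val * ord(ch))
        n_val = rand(seed)
    return seed

def one_char_equivalent(s: str) -> str:
    """First pass has nVal = 1, so Chr(seed) alone seeds RAND() with that seed."""
    return chr(final_seed(s))

def reachable_hashes() -> set:
    """Every result possible for non-empty single-byte input: one per seed 0..255."""
    return {int(rand(seed) * 10_000_000) for seed in range(256)}

if __name__ == "__main__":
    print("distinct outputs possible:", len(reachable_hashes()))
    for pw in SAMPLES:
        twin = one_char_equivalent(pw)
        print(f"{pw!r}: hash={calculate_hash(pw)} seed={final_seed(pw)} "
              f"same hash as {twin!r}: {calculate_hash(twin) == calculate_hash(pw)}")
```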