16 posts
Posted 14 June 2016 - 05:48 PM
Hey,
I created this small, password-protected OS. It is called SecOS and cannot be terminated. Also, the passwords of the users are encrypted so that you cannot read them directly. However, you can edit them. They are (as far as I know) only decryptable with themselves as password.
Added commands:
- mkusr (Create a new user in the /users directory)
- passwd (Change the password of the user you log in)
Added APIs:
- secure (A small API which allows for fast password encryption and check)
Added directories:
- /users (The directory where every user and password is stored)
Link:
SaRwxwcn
Note: This file can unpack itself, simply type in "<Filename> <Filename>"
I hope you have fun with this. :)
115 posts
Location
Maidstone, UK
Posted 16 June 2016 - 04:20 PM
Why are the passwords encrypted? Have you thought of hashing them instead?
16 posts
Posted 16 June 2016 - 08:11 PM
Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure…
767 posts
Posted 16 June 2016 - 08:14 PM
Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure…
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.
16 posts
Posted 16 June 2016 - 08:21 PM
Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure…
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.
Ok, I will look into that, although I don't have much experience with encrypting text. :)
314 posts
Location
Glass/UX/main.lua
Posted 16 June 2016 - 08:26 PM
Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure…
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.
But where would you securely store the salt?
767 posts
Posted 16 June 2016 - 08:30 PM
Why are the passwords encrypted? Have you thought of hashing them instead?
Yes I did, but hashed codes can be found in pre-made tables. I think this way it is more secure…
Use a salt with the password. That'd prevent lookup-tables from working properly, without also getting the salt.
But where would you securely store the salt?
The salt doesn't have to be stored in a secret place.
You can save the hash of the password+salt in the same file, if you want to. (For example with the salt on the 2nd line)
Edited on 16 June 2016 - 06:45 PM
756 posts
Posted 16 June 2016 - 11:25 PM
The current hash algorithm is not safe at all anyway.
Spoiler
Every character is encoded individually, by multiplying with some value, and that value can of course be retrieved by calculating the greatest common divisor of all the numbers.
There are some good hashing algorithms on my profile page that you can use to securely store passwords, mainly PBKDF2-SHA2.
The salt doesn't need to be secret, but don't simply concatenate it to the password, use HMAC-SHA2 or PBKDF2-SHA2 instead.
Edited on 16 June 2016 - 09:46 PM
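The storage scheme suggested in the two posts above (a non-secret, per-user salt kept in the same file as the hash, fed through PBKDF2-SHA2 rather than concatenated), as an added example that is not part of the thread or of SecOS. Python's `hashlib` stands in for a ComputerCraft Lua library; the function names, the iteration count and the hex encoding of the two-line record are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; tune to the hardware you run on
SALT_BYTES = 16


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return a two-line record: PBKDF2 hash on line 1, salt on line 2 (hex)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return digest.hex() + "\n" + salt.hex() + "\n"


def check_password(record: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    lines = record.splitlines()
    if len(lines) != 2:
        return False  # malformed or hand-edited record: reject, do not crash
    try:
        stored = bytes.fromhex(lines[0])
        salt = bytes.fromhex(lines[1])
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, ITERATIONS
    )
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    alice = make_record("hunter2")
    bob = make_record("hunter2")
    # Different salts give different hashes, so one lookup table cannot
    # cover both records even though the salts are readable.
    print(alice.splitlines()[0] != bob.splitlines()[0])
    print(check_password(alice, "hunter2"), check_password(alice, "hunter3"))
```
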
16 posts
Posted 17 June 2016 - 02:59 PM
The current hash algorithm is not safe at all anyway.
Spoiler
Every character is encoded individually, by multiplying with some value, and that value can of course be retrieved by calculating the greatest common divisor of all the numbers.
There are some good hashing algorithms on my profile page that you can use to securely store passwords, mainly PBKDF2-SHA2.
The salt doesn't need to be secret, but don't simply concatenate it to the password, use HMAC-SHA2 or PBKDF2-SHA2 instead.
Well, thanks. As I mentioned earlier, I do not know much about encoding text.
I will look into it.
Um, and may I ask for advice? If I take the algorithm and make it multiply the numbers like this:
function encode(sInput)
  local encoded = ""
  local value = 0
  -- Sum the byte values of all characters in the input
  for i=1,string.len(sInput),1 do
    value = value+string.byte(string.sub(sInput,i,i))
  end
  -- Multiply each character's byte value by value^i*value and append it as text
  for i=1,string.len(sInput),1 do
    encoded = encoded..tostring(string.byte(string.sub(sInput,i,i))*value^i*value)
    --Actually I don't know how to do this X^n thing correctly
  end
  return encoded
end
Would it be more secure?
Edited on 17 June 2016 - 01:07 PM
756 posts
Posted 28 July 2016 - 06:06 PM
Um, and may I ask for advice? If I take the algorithm and make it multiply the numbers like this:
...
Would it be more secure?
You learned the answer in grade school, it's trivial to invert multiplication and exponentiation with division and radix.