Reply to ~虎~

>>It is a fact that HKID + Phone data itself has too few combinations
Few COMBINATIONS =/= easy to CRACK.
You can SHA256( ...
dsscss posted on 2014-9-13 18:32


OP, first solve the one that the poster of #45 set..........
===========
Contact me if you want: 5630dc3b41a969e4eaa5a734e1d8f6ad40fdc987
Great hint: HKID with "( )" + space + telephone no. -> AES (CBC) -> SHA-1 (no salt)
===========


It is very interesting that someone else asked me to crack a given hash. However, I will not waste my resources to prove something else to you all and I am unwilling to teach you all something else.

I think that cracking a useless hash for a reward of $10,000-HK is not worth it for me. In real life, if I cracked a useful hash, I would gain more than that. I do that kind of work very often.

Meanwhile, I do not care whether anyone else believes me or not. I am just bringing up my point of view on that matter.

My last word: While you do not know attack, how can you know about defense? (未知攻,焉知防?)

Samiux


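Reply to 52# samiux

You are really funny.

You make it sound so easy,
and you are a HACKER after all,
so you only need to write a PROGRAM that does
GEN COMBINATION -> generate HASH TABLE -> COMPARE -> IF MATCH = SUCCESS, ELSE RETURN TO STEP1

And for someone who really does cracking regularly,
since they already have a TOOLSET for doing this kind of thing....
there is no need at all to write any PROGRAM / SCRIPT from scratch...
so I don't know what RESOURCES of yours would be wasted...

Personally I am more pragmatic,
so I would not just talk big
and claim that because ID+PHONE has too few combinations,
the DATABASE is easy to CRACK...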


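This post was last edited by samiux on 2014-9-13 22:54
Reply to samiux

You are really funny.

You make it sound so easy,
and you are a HACKER after all,
so you only need to write a PROGRAM that does
GEN COMBINATION -> ...
dsscss posted on 2014-9-13 22:45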


Contact me if you want: 5630dc3b41a969e4eaa5a734e1d8f6ad40fdc987
Great hint: HKID with "( )" + space + telephone no. -> AES (CBC) -> SHA-1 (no salt)


My friend is interested in it if you are sure to give him $1282-US (about $10,000-hk) for the successful crack.

However, he will not pay you back the same amount if he fails. Deal?

Samiux

Update reason : add the hash


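Reply to 54# samiux

You can think about why your FRIEND would say NOT PAY BACK THE SAME AMOUNT WHEN HE FAILED;
it is because your FRIEND also knows that there can be too many COMBINATIONS...
Without this RULE, there is no point...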


This post was last edited by samiux on 2014-9-13 23:05
Reply to samiux

You can think about why your FRIEND would say NOT PAY BACK THE SAME AMOUNT WHEN HE FAILED;
it is because your ...
dsscss posted on 2014-9-13 23:01


You can contact him on freenode and ask him whether he wants to pay you back if he fails or not. Our deal is not his deal.

If you agree, I will PM you the contact method.

I have no interest in this stuff.

Samiux

Update reason : fix typo


Wow, a chit-chat post blown up to this many pages, it is exhausting to read


Wow, a chit-chat post blown up to this many pages, it is exhausting to read
lazyfai posted on 2014-9-13 23:38



Sure. I am surprised too. Maybe the topic or the content or the target (6.22 Civil Referendum) is interesting.

My first post is based on my presumption. I already mentioned it.

Samiux


Reply to ~虎~

>>It is a fact that HKID + Phone data itself has too few combinations
Few COMBINATIONS =/= easy to CRACK.
You can SHA256( ...
dsscss posted on 2014-9-13 18:32


Keep in mind that you are assuming the source code isn't compromised, which might not be true.

Moreover, the scheme of hashing ID and phone together has a significant problem:
THE SYSTEM CAN'T CHECK IF AN ID HAS VOTED TWICE with two different phone numbers.
It seems to me that's a rather rubbish "voting system".
If you hash that with more info, then the hash is even more useless.

If such a hash is useless, why keep the hash at all?
Not storing any info is the most secure method.
Why not just increment a counter when somebody votes?
Then no hacker can hack it.
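
The double-voting gap raised in the post above, as an added Python example that is not part of the original thread or of any system it discusses. SHA-256 stands in for the hashing step, and the ID-only HMAC tag, `DEMO_KEY`, the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample ballots (made-up ID and phone values, not real data).
# The third entry reuses the first ID with a different phone number.
BALLOTS = [
    ("A123456(7)", "91234567"),
    ("B765432(1)", "61234567"),
    ("A123456(7)", "51234567"),
]

# Constructed demo key; assumed to be a server-side secret in a real system.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def combined_digest(voter_id: str, phone: str) -> str:
    """One unsalted digest over ID + space + phone, as debated in the thread."""
    return hashlib.sha256(f"{voter_id} {phone}".encode()).hexdigest()


def id_tag(voter_id: str, key: bytes = DEMO_KEY) -> str:
    """Assumed alternative: keyed tag (HMAC-SHA256) over the ID alone."""
    return hmac.new(key, voter_id.encode(), hashlib.sha256).hexdigest()


def repeat_ballots(ballots, fingerprint):
    """Return ballots whose fingerprint was already seen earlier in the list."""
    seen, repeats = set(), []
    for voter_id, phone in ballots:
        fp = fingerprint(voter_id, phone)
        if fp in seen:
            repeats.append((voter_id, phone))
        seen.add(fp)
    return repeats


def check_both_schemes(ballots=BALLOTS):
    """Compare repeat detection under the combined digest and the ID-only tag."""
    by_combined = repeat_ballots(ballots, combined_digest)
    by_id_only = repeat_ballots(ballots, lambda vid, _phone: id_tag(vid))
    return by_combined, by_id_only


if __name__ == "__main__":
    combined, id_only = check_both_schemes()
    print("repeats seen via combined digest:", combined)
    print("repeats seen via ID-only tag:   ", id_only)
```

The ID-only tag catches the repeat only while the key stays secret; with the key exposed, the small ID space makes the tags enumerable.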
