Encrypted password question




I noticed in the html of my router this parameter:



form.addParameter('Password', base64encode(SHA256(Password.value)));





So when I type in the password passw I get this via sslstrip:




2018-09-25 21:13:31,605 POST Data (192.168.1.1):
Username=acc&Password=ZTQ1ZDkwOTU3ZWVjNzM4NzcyNmM2YTFiMTc0ZGE3YjU2NmEyNGZmNGNiMDYwZGNiY2RmZWJiOTMxYTkzZmZlMw%3D%3D



Is this hash easy to crack via bruteforce/dictionary? I am still a beginner, but that looks like double encryption to me.
Also, is there some faster way of getting this password than cracking it?




2 Answers



It's a base64-encoded unsalted SHA-256 hash. It's not double encryption, but an unneeded encoding.



An unsalted hash means it's trivial to just search the hash on Google and probably it will find the result.





Only trivial if the password is common.
– zaph
1 hour ago





I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. An 8 chars alphanumeric would fail in a tenth of a second...
– ThoriumBR
52 mins ago





Sure, a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords; what is needed is a slow method such as PBKDF2, Argon2i or comparable methods. These are slow and should be used with parameters to require about 100ms of CPU time, and additionally Argon2i requires substantial memory as well. Try e88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe, it is the SHA-256 hash of a 12 character password.
– zaph
6 mins ago






I URL decoded it, then decoded it from base64, then passed it to an online hash database.



The result was:


Hash: e45d90957eec7387726c6a1b174da7b566a24ff4cb060dcbcdfebb931a93ffe3
Type: sha256
Result: passw
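
The decoding steps from this answer, written out as an added example (not part of the original posts), with the salted PBKDF2 approach mentioned in the comments alongside for contrast. It assumes the router's SHA256() returns a lowercase hex string, which is what the captured value decodes to; the function names, wordlist and round count are hypothetical.

```python
import base64
import hashlib
import os
from urllib.parse import unquote

# Password field from the POST line quoted in the question.
CAPTURED = (
    "ZTQ1ZDkwOTU3ZWVjNzM4NzcyNmM2YTFiMTc0ZGE3YjU2NmEyNGZmNGNi"
    "MDYwZGNiY2RmZWJiOTMxYTkzZmZlMw%3D%3D"
)

def router_encode(password: str) -> str:
    """base64encode(SHA256(password)) as in the form code.
    Assumption: SHA256() yields lowercase hex, then base64 wraps that text."""
    hex_digest = hashlib.sha256(password.encode()).hexdigest()
    return base64.b64encode(hex_digest.encode()).decode()

def decode_field(field: str) -> str:
    """Undo the URL encoding, then the base64, leaving the bare hex digest."""
    return base64.b64decode(unquote(field), validate=True).decode("ascii")

def first_match(field: str, candidates):
    """Return the first candidate whose unsalted SHA-256 equals the digest."""
    target = decode_field(field)
    for word in candidates:
        if hashlib.sha256(word.encode()).hexdigest() == target:
            return word
    return None

def salted_slow_hash(password: str, salt: bytes, rounds: int = 200_000) -> str:
    """Contrast: PBKDF2-HMAC-SHA256 with a per-password salt.
    The round count is illustrative, not a tuned recommendation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

if __name__ == "__main__":
    # The base64 and URL layers come off without any key or secret.
    print("hex digest:", decode_field(CAPTURED))

    # Constructed wordlist: every candidate costs a single hash to test.
    wordlist = ["admin", "letmein", "passw", "router"]
    print("match:", first_match(CAPTURED, wordlist))

    # Same password, two random salts: the stored values differ, so a
    # precomputed lookup of plain SHA-256 digests no longer applies.
    a = salted_slow_hash("passw", os.urandom(16))
    b = salted_slow_hash("passw", os.urandom(16))
    print("salted values differ:", a != b)
```
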





