All times are UTC - 4
Need script that generates password using MD5sum [solved]
Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Mon 05 Nov 2012, 15:15    Post subject: Need script that generates password using MD5sum [solved]

I’m trying to produce a program to automate my version of creating passwords, which uses the MD5sum function twice.

I create a password for an encrypted file which is derived from the file_name using the following formula …

MD5(MD5(file_name+string1)string2)

i.e. the hexadecimal result of MD5(file_name+string1) is treated as a text string, appended with string2, then an MD5 is calculated of that concatenated string, e.g. …

file_name = “secret”
String 1 = “puppy”
String 2 = “Linux”

MD5(MD5(file_name+string1)string2)

=> MD5(MD5(secretpuppy)Linux)

=> MD5(34b89fb99e33b530fb8719728db4618bLinux)

=> fe2849a306625b1d2b08c05c712365b2

i.e. the password for file called “secret” is “fe2849a306625b1d2b08c05c712365b2”


I know it is possible to calculate MD5 from the CLI in puppy , http://puppylinux.org/wikka/md5sum but don’t know how to write a script to automate the above process.


[ PS
as a final twist I would like to substitute the first and last characters of the final MD5 with the upper case letters “A” and “Z” , giving "Ae2849a306625b1d2b08c05c712365bZ" , but that’s optional ]

Last edited by Barkin on Sat 17 Nov 2012, 01:12; edited 1 time in total
SFR


Joined: 26 Oct 2011
Posts: 1101

Posted: Mon 05 Nov 2012, 16:33

Hey Barkin.

Could be something like this?

Code:
#! /bin/bash

# Name of this script (symlinks resolved), quoted so paths with spaces still work
MYNAME="$(basename "$(readlink -e "$0")")"

[ "$#" -lt 3 ] && echo -e "Usage:\n$MYNAME <filename> <string1> <string2>" && exit 1

file_name="$1"
string1="$2"
string2="$3"

THE_SUM=$(echo -n "$(echo -n "$file_name$string1" | md5sum | cut -f1 -d ' ')$string2" | md5sum | cut -f1 -d ' ')

# And the final (optional) twist ;)
THE_TWISTED_SUM="A${THE_SUM:1:30}Z"

echo "$THE_TWISTED_SUM"

You can call this script from a terminal, eg: script_name secret puppy Linux

Greetings!

_________________
[O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource
Omnia mea mecum porto.
Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Mon 05 Nov 2012, 17:51

SFR wrote:
Hey Barkin.
Could be something like this?

Thanks SFR,

my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when inputting string1 and string2 ).

So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct.

BTW I’m a complete novice at this (embarrassed), how do you get a bash script to run from the command line? I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).

Last edited by Barkin on Mon 05 Nov 2012, 18:10; edited 1 time in total
SFR


Joined: 26 Oct 2011
Posts: 1101

Posted: Mon 05 Nov 2012, 18:09

Barkin wrote:
my idea was to include the string1 and string2 as data in the program, rather than having them as variables which are given when the script is executed, ( the function of the script is to check I’ve not made errors when inputting string1 and string2 ).

So the only variable would be the file_name: just give the script the file_name and have it work out the result for fixed values of string1 and string2, as a check that the result I calculated manually is correct.

Ok, so it'll be like this:

Code:
#! /bin/bash

# Name of this script (symlinks resolved), quoted so paths with spaces still work
MYNAME="$(basename "$(readlink -e "$0")")"

[ "$#" -lt 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1

file_name="$1"
string1="puppy"
string2="Linux"

THE_SUM=$(echo -n "$(echo -n "$file_name$string1" | md5sum | cut -f1 -d ' ')$string2" | md5sum | cut -f1 -d ' ')

# And the final (optional) twist ;)
THE_TWISTED_SUM="A${THE_SUM:1:30}Z"

echo "$THE_TWISTED_SUM"


Barkin wrote:
BTW I’m a complete novice at this (embarrassed), how do you get a bash script to run from the command line. I made a text file and made it executable, opened a terminal in the same directory, but no joy ( I don’t know anything about the syntax ).

Did you put "./" (without quotes) before the name of the script?
If you're trying to run a script that is not located in one of the usual dirs for binaries (/bin or /usr/bin or /sbin etc.; you can see the full list by echo $PATH) then you have to provide full path to the script or, if you are already in the directory where the script is, it's enough:
Code:
./script_name


PS. And don't put spaces in the filename of the script. ;)

Greetings!

Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Mon 05 Nov 2012, 18:19

SFR wrote:
Did you put "./" (without quotes) before the name of the script?

No, that's where I was going wrong ...

Thanks very much SFR : it would have taken me a month of Sundays to work that out myself.
Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Mon 05 Nov 2012, 20:14

New and improved encryption method , convert everything into md5s but treat md5s as strings
and add a sort of shuffle, e.g. ...

secret
5ebe2294ecd0e0f08eab7690d2a6ee69

puppy
9095eae491e5c0c17a2ef89477393ec4

Linux
edc9f0a5a5d57797bf68e37364743831

secretpuppy
5ebe2294ecd0e0f08eab7690d2a6ee699095eae491e5c0c17a2ef89477393ec4

md5(secretpuppy)
67a2d6c8963c9e1418fc295d44082c6e

Least significant half of md5(secretpuppy)
18fc295d44082c6e

Least significant half of Linux
bf68e37364743831

Combine halves to create md5 lookalike
18fc295d44082c6ebf68e37364743831

Do an md5 of the above md5 lookalike
bc81017d8c78f0adcb42187a8b30b282

optional twist
Ac81017d8c78f0adcb42187a8b30b28Z


[ NB: in practice the values for String1 & 2 should not be dictionary words like "puppy" and "Linux", and should be more than 9 characters long.
If possible include upper and lower case characters and some numbers ].

Code:

#! /bin/bash

MYNAME="$(basename "$(readlink -e "$0")")"

[ "$#" -lt 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1

file_name="$1"
String1="puppy"
String2="Linux"

# make md5 sums of file name , String1 & String2 
# (expansions are quoted so spaces or wildcard characters are hashed literally)
sumFN="$(echo -n "$file_name" | md5sum | cut -f1 -d ' ')"
sumS1="$(echo -n "$String1" | md5sum | cut -f1 -d ' ')"
sumS2="$(echo -n "$String2" | md5sum | cut -f1 -d ' ')"

# note: in this program md5s are treated as strings rather than hexadecimal numbers

# concatenate md5s of the file name and md5 of String1 and make an md5 of this 64 character string
sumFNS1="$(echo -n "$sumFN$sumS1" | md5sum | cut -f1 -d ' ')"

# get the least significant half of the md5(md5(file_name)+md5(String1)) 
LHsumFNS1="${sumFNS1:16:16}"

# get the least significant half of the md5 of String2
LHsumS2="${sumS2:16:16}"

# concatenate the two least significant half md5s to create a 32 character string
# which only contains hexadecimal characters so it looks like an md5, but isn't, (sneaky),
# then make an md5 of this 32 character string
sumFIN="$(echo -n "$LHsumFNS1$LHsumS2" | md5sum | cut -f1 -d ' ')"

# optional twist, substituting the first and last characters with upper case A & Z (or add what u like)
twisted="A${sumFIN:1:30}Z"

# output results
echo "Final md5 " "$sumFIN"
echo "twisted   " "$twisted"
SFR


Joined: 26 Oct 2011
Posts: 1101

Posted: Tue 13 Nov 2012, 16:23

Hey Barkin.

Nice one, I didn't notice before how you've extended the script.

I've been thinking how to increase password's strength, to go beyond hex digits and AZ twist, and figured out that uuencode could be a good choice to produce a string consisting of upper case alpha + special characters (optional).

Check it out:

Code:
#! /bin/bash

MYNAME="$(basename "$0")"      # 'readlink' wasn't necessary here, my bad...

[ "$#" -ne 1 ] && echo -e "Usage:\n$MYNAME <filename>" && exit 1

file_name="$1"
String1="puppy"
String2="Linux"

# make md5 sums of file name , String1 & String2 
# (expansions are quoted so spaces or wildcard characters are hashed literally)
sumFN="$(echo -n "$file_name" | md5sum | cut -f1 -d ' ')"
sumS1="$(echo -n "$String1" | md5sum | cut -f1 -d ' ')"
sumS2="$(echo -n "$String2" | md5sum | cut -f1 -d ' ')"

# note: in this program md5s are treated as strings rather than hexadecimal numbers

# concatenate md5s of the file name and md5 of String1 and make an md5 of this 64 character string
sumFNS1="$(echo -n "$sumFN$sumS1" | md5sum | cut -f1 -d ' ')"

# get the least significant half of the md5(md5(file_name)+md5(String1)) 
LHsumFNS1="${sumFNS1:16:16}"

# get the least significant half of the md5 of String2
LHsumS2="${sumS2:16:16}"

# concatenate the two least significant half md5s to create a 32 character string
# which only contains hexadecimal characters so it looks like an md5, but isn't, (sneaky),
# then make an md5 of this 32 character string
sumFIN="$(echo -n "$LHsumFNS1$LHsumS2" | md5sum | cut -f1 -d ' ')"


# uuencode doubled sumFIN and trim out all digits - they're already present in md5sum
uu_TWIST="$(echo $sumFIN$sumFIN | uuencode - | awk 'NR==2' | tr -d '[:digit:]')"
# Optional, if special characters are not desired:
#uu_TWIST="$(echo $sumFIN$sumFIN | uuencode - | awk 'NR==2' | tr -cd '[:alpha:]')"

# Mix even chars from sumFIN (in reversed order) with first 16 chars from uu_TWIST
MIXED=
for i in {0..15}; do
  MIXED="$MIXED""${sumFIN:$((31-$i*2)):1}${uu_TWIST:$i:1}"
done

# optional twist, substituting the first and last characters with upper case A & Z (or add what u like)
#twisted="A${sumFIN:1:30}Z"
twisted="A${MIXED:1:30}Z"

# output results
echo -e "Final md5 \t\t\t" "$sumFIN"
echo -e "UU_twist (alone) \t\t" "$uu_TWIST"
echo -e "Final md5 mixed with UU_twist \t" "$MIXED"
echo -e "twisted \t\t\t" "$twisted"


Greetings!
vovchik


Joined: 23 Oct 2006
Posts: 1287
Location: Ukraine

Posted: Tue 13 Nov 2012, 16:47

Dear guys and gals,

i did this thing some time ago and it works OK:

http://www.murga-linux.com/puppy/viewtopic.php?t=53478

With kind regards,
vovchik
Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Tue 13 Nov 2012, 18:40

Re: SFR

The uuencode really obfuscates matters, which is a good thing, (the computer equivalent of Latin :¬).

but there’s no way I could do that manually, e.g. if I had to read files I’d encrypted using a borrowed / public computer which only had Windows OS.

I have MD5 calculators which work in-browser so can be used on any OS which has an internet browser which has javascript. So simple MD5 manipulations I could perform on any computer, even if I didn’t have access to the internet.

Reading up on this I’ve discovered adding computational effort is the secret to making encryption keys difficult to crack, see PBKDF2 ( https://en.wikipedia.org/wiki/PBKDF2 )

So some sort of iterative process where the output is recycled as the input thousands of times, (again I couldn't do this manually).
The new added twist I thought of was rotating the characters of the salt, e.g. “puppy” ...

MD5(MD5(MD5(MD5(MD5(MD5(MD5(secretpuppy)ypupp)pypup)ppypu)uppyp)puppy)ypupp)

the iterations are not limited by the length of the string “puppy”, (or its 32 character MD5), the rotation of the characters just loops round back to the starting position.



Re: vovchik

The output of bpwgen produces different results for the same input string. If I remembered my passphrase was derived from "i love my cat" putting that string into bpwgen would probably not return the encrypted version I actually used as a password, ( maybe successful match achieved after repeated tries of bpwgen ).
[Attachment: output of ''bpwgen'' has inconsistent results.png. Screengrab of console showing different bpwgen results for constant input string]

vovchik


Joined: 23 Oct 2006
Posts: 1287
Location: Ukraine

Posted: Wed 14 Nov 2012, 04:22

Dear Barkin,

You can change my source for bpwgen not to use randomizing or try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.

With kind regards,
vovchik

PS. Should I post a binary?
Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Wed 14 Nov 2012, 09:54

vovchik wrote:
... try my md5.bac, which does maybe what you are after: http://www.basic-converter.org/md5.bac.html.

Thanks for that: I didn't know an MD5 function could be called by a BASIC program.
SFR


Joined: 26 Oct 2011
Posts: 1101

Posted: Wed 14 Nov 2012, 17:39

vovchik wrote:
http://www.murga-linux.com/puppy/viewtopic.php?t=53478

I have bpwgen in my collection since a year maybe...and completely forgot about it! (embarrassed)
Thanks for reminding me, really cool app, I love all kind of 1337 G3n=R@+0r$.
(I have the other one too).

Barkin wrote:
The new added twist I thought of was rotating the characters of the salt, e.g. “puppy” ...

MD5(MD5(MD5(MD5(MD5(MD5(MD5(secretpuppy)ypupp)pypup)ppypu)uppyp)puppy)ypupp)

the iterations are not limited by the length of the string “puppy”, (or its 32 character MD5), the rotation of the characters just loops round back to the starting position.

I don't clearly understand, so the limit will be fixed or 'String's_Lenght +1' ?

Anyway, I was tinkering a little on this subject and ended up with this (I made it stand alone); it covers options no.1 (fixed iterations):

Code:
#! /bin/bash
 
# Script name for the usage message
MYNAME=`basename "$0"`
[ "$#" -ne 3 ] && echo -e "Usage:\n$MYNAME <pass> <salt> <iterations>" && exit 1
# <iterations> must consist of digits only
case "$3" in ''|*[!0-9]*) echo "Bad parameter: <iterations>"; exit 1 ;; esac

PASS="$1"
SALT="$2"
ITERATIONS="$3"

LENGHT=${#SALT}

# Iteration 1: MD5 of pass+salt
MD5=`echo -n "$PASS$SALT" | md5sum | cut -f1 -d ' '`
echo -e "01:$PASS$SALT \t\t\t\t\t-> $MD5"

# Iterations 2..N: rotate the salt, then hash the previous MD5 + rotated salt
for i in `seq -w 2 "$ITERATIONS"`; do
  SALT="${SALT:$(($LENGHT-1)):1}${SALT:0:$(($LENGHT-1))}"   # ROR the string
  echo -n "$i:$MD5"
  MD5=`echo -n "$MD5$SALT" | md5sum | cut -f1 -d ' '`
  echo -e "$SALT \t-> $MD5"
done

But on the other hand, such a twist also wouldn't be so easy to perform manually, would it? ;)

Greetings!
Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Wed 14 Nov 2012, 20:49

SFR wrote:
I don't clearly understand, so the limit will be fixed or 'String's_Lenght +1' ?

Anyway, I was tinkering a little on this subject and ended up with this (I made it stand alone); it covers options no.1 (fixed iterations):

That’s exactly what I had in mind, excellent, the iterations are not limited by the salt string length. I only used the short word “puppy” as a salt as it was easier to show that rotation twist just keeps rotating. I’ve tweaked your code to convert the password (file_name) and salt into MD5, and only output the final result as 100's - 1000's iterations are required for good security, (as many iterations that can be done in about a second is a practical compromise) ...

Quote:
Apple's iOS 3 uses 2,000 iterations and iOS 4 uses 10,000
https://en.wikipedia.org/wiki/PBKDF2#BlackBerry_vulnerability

Code:
#! /bin/bash
 
MYNAME=`basename "$0"`
[ "$#" -ne 3 ] && echo -e "Usage:\n$MYNAME <pass> <salt> <iterations>" && exit 1
# <iterations> must consist of digits only
case "$3" in ''|*[!0-9]*) echo "Bad parameter: <iterations>"; exit 1 ;; esac

# go the whole hog and convert pass and salt into their MD5 sums
# (arguments are quoted so spaces or wildcard characters are hashed literally)

PASS="$(echo -n "$1" | md5sum | cut -f1 -d ' ')"
SALT="$(echo -n "$2" | md5sum | cut -f1 -d ' ')"
ITERATIONS="$3"

LENGHT=${#SALT}

MD5=`echo -n "$PASS$SALT" | md5sum | cut -f1 -d ' '`
echo -e "Please wait, this may take some time, (a few seconds per thousand iterations)"

for i in `seq -w 2 $ITERATIONS`; do
  SALT="${SALT:$(($LENGHT-1)):1}${SALT:0:$(($LENGHT-1))}"   # ROR the string
  MD5=`echo -n "$MD5$SALT" | md5sum | cut -f1 -d ' '`
 done
# just print final MD5 sum ( rather than the 100's or 1000's of intermediate MD5s )
echo $MD5


SFR wrote:
But on the other hand, such a twist also wouldn't be so easy to perform manually, would it?

Yes, it would even be difficult for the computer to do 1000's of iterations, that’s the point : making the process “computationally expensive” makes cracking the encryption much more time-consuming, hopefully an impractical amount of time is required. The simpler encryption method I described at the start of this thread is crackable in tens of days (off-line) if the method is known by the cracker and single dictionary words have been used as the salts. Incorporating a thousand iterations extends that time to decades , even if single dictionary words are used as salts, (which is not a good idea).

[ a dictionary crack , (trying all of the approx 200,000 words in a standard dictionary), takes a few seconds , same time for precomputed (unsalted) MD5s of single dictionary words, see attached screengrab from http://www.md5decrypter.co.uk/ ].
[Attachment: rotmd5-tweaked.png. Screengrab of output of rotmd5t, tweaked version of rotmd5.]
[Attachment: reverse MD5 lookup for dictionary words is possible.png. Screengrab from http://www.md5decrypter.co.uk/]
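
Added example, not part of the thread or any poster's code: the rotating-salt MD5 chain from the script above next to PBKDF2-HMAC-SHA256, the construction linked earlier in the thread, written in Python. It assumes the memorised string is the PBKDF2 password and the file name is the salt; `file_password`, `rounds_per_second` and the iteration counts are illustrative names and values.

```python
import base64
import hashlib
import hmac
import time


def md5hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def rotmd5(password: str, salt: str, iterations: int) -> str:
    """The thread's final scheme: hex MD5 chain, salt rotated right each round."""
    salt_hex = md5hex(salt)
    digest = md5hex(md5hex(password) + salt_hex)   # round 1
    for _ in range(iterations - 1):                # rounds 2..N
        salt_hex = salt_hex[-1] + salt_hex[:-1]    # rotate right by one character
        digest = md5hex(digest + salt_hex)         # <pass> is not mixed in again
    return digest


def pbkdf2_sha256(secret: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 written out (RFC 8018): every round is an HMAC keyed with the secret."""
    out = b""
    block = 1
    while len(out) < dklen:
        u = hmac.new(secret, salt + block.to_bytes(4, "big"), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(secret, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")          # XOR all rounds together
        out += t.to_bytes(32, "big")
        block += 1
    return out[:dklen]


def file_password(file_name: str, secret: str, iterations: int = 200_000) -> str:
    """Assumed mapping: the memorised secret is the PBKDF2 password and the
    file name is the salt, so every file gets its own printable password."""
    key = hashlib.pbkdf2_hmac("sha256", secret.encode(), file_name.encode(),
                              iterations, 24)
    return base64.urlsafe_b64encode(key).decode()  # 24 bytes -> 32 characters


def rounds_per_second(rounds: int = 100_000) -> float:
    """In-process speed of the MD5 chain, with no md5sum process per round."""
    start = time.perf_counter()
    rotmd5("secret", "puppy", rounds)
    return rounds / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed inputs: the thread's own sample words.
    print("rotmd5 x1000 :", rotmd5("secret", "puppy", 1000))
    print("PBKDF2       :", file_password("secret", "puppyLinux"))
    print(f"MD5 chain    : {rounds_per_second():,.0f} rounds/s in-process")
```

The printed round rate is the figure to set against the script's wait time, because the shell loop spends most of that time starting an md5sum process for every round rather than hashing.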

Barkin


Joined: 12 Aug 2011
Posts: 744

Posted: Sun 18 Nov 2012, 00:34

nakedsecurity.sophos.com wrote:
You simply must use many iterations of your chosen hash, to slow down crackers by making brute-force attacks harder by a factor as big as the number of iterations.
http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/