API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 26th, 2017
51
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.15 KB | None | 0 0
raw download clone embed print report
  1. import hashlib
  2. import binascii
  3. import timeit
  4. salt = None
  5.  
  6. with open("salt","r") as f:
  7.     salt = f.read()
  8.    
  9.  
  10.  
  11. def hashPw(pw):
  12.     h = hashlib.sha512()
  13.     h.update(pw)
  14.     h.update(salt)
  15.     nh = h.digest()
  16.     for i in range(1,1024):
  17.         h2 = hashlib.sha512()
  18.         h2.update(nh)
  19.         h2.update(salt)
  20.         h2.update(str(i))
  21.         nh = h2.digest()
  22.     return nh
  23.  
  24.  
  25.  
  26.  
  27. def hashTest():
  28.     res = hashPw("derpherp")
  29.     # for a-z there are 36^len posible combinations
  30.     # 28211090456 combinations to bruteforce it
  31.     # but lets assume that the attacker will only
  32.     # have to try 0.1% of them (28211090) it will still
  33.     # take the attacker a long time and rainbow tables won't help him
  34.  
  35.     # Dictionary attacks: lets say that it takes a 500 000 (very conservative estimate)
  36.     # It took me 1840sec to try all the hashes. If I had used a alphanumerosymbolic password
  37.     # with more than 9 characters it would be unfeasiable to crack it without resorting
  38.     # to FPGAs
  39.    
  40.  
  41.  
  42. t = timeit.Timer(hashTest)
  43.  
  44. print("Time taken to do a single hash: "+str(t.timeit(1)))
  45.  
  46.  
  47. print("dictionary hashes "+str(t.timeit(500000)))
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!