
Hey /g/, I'm going into information security and was curious


Thread replies: 6
Thread images: 1

File: 1470351715081.gif (2MB, 320x240px)
Hey /g/, I'm going into information security and was curious about something. Now before I start just know that I have not gone into any programming courses nor am I a math major, so encryption is a bit out of my field, I'm just asking how feasible this would be.

From what I understand encryption runs off of assigned hashes based on a certain bit length. I know some encryption will run the hash through multiple times to create a hash for a hash. What I am after is how feasible it would be to create an encryption that either

A: created unique hashes based on the host it is running off of, this would make it impossible (lmao) to create a database of the hashes, because it would be unique to each server. Or

B: have an encryption that reassigned the hashes based on a set time interval. For example, if you had a 256 bit encryption for each password on a server that would reassign the hashes at say 5:00 every day, or even every ten minutes or so.

Am I retarded? Is this feasible or a good idea? Am I already late to the party? Please give me your opinions if it is worth pursuing, I think it's a great concept.

>mfw
>>
>>57205576
you are still in high school, have no understanding of anything, and are trying to look smart by proposing some amazing idea?

fuck off and stay in school kid
>>
you're like 20 years too late to the time-based encryption key
>>
>>57205597
>not just calling him retarded

He even gave you the option
>>
>>57205576

Based on what you are saying about B, I'm going to assume you mean password "encryption".

One, passwords shouldn't be encrypted. Encryption implies that you have some key to unencrypt them. That's a terrible fucking idea. Passwords are hashed with an additional randomized value (salt). This way if someone obtains them, then there is no master key to just unencrypt them. Hashes are meant to be one way functions. An attacker would have to brute force.

Seriously, look up what the meaning of encryption is, and what the proper way to store passwords is.

A) I don't think you understand what it means if different servers would reply differently with the same password. Imagine I have two servers running to process traffic. If my password is "thisisastupidfuckingquestion", and server A hashes that to "0b123b123" and server B hashes that to "0a123a123", that is two different values and only one of them is going to be stored in a database. If you store both then you're retarded because now you just made it even easier for someone to brute force your shit if they get your password file.

B) Also a dumb idea. If you properly store passwords you don't have to touch them. If you wanted to "re-encrypt" them, then you're doing it wrong.

1. If you are talking about real encryption, then already you fucked up as mentioned before.
2. If you want to rehash, then you have just increased the likelihood for someone to easily brute force your shit with a collision.

3. Imagine the amount of unnecessary database load this would have to be constantly rehashing passwords.

You should read more.
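
Added example, not part of the thread: a Python sketch of the salted, one-way password storage the reply above describes, plus what happens under idea A when each host mixes in its own value. The record format, the `host_secret` parameter, the iteration count and the sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, host_secret: bytes = b"") -> str:
    """Return 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", host_secret + password.encode(), salt, ITERATIONS
    )
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str, host_secret: bytes = b"") -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", host_secret + password.encode(),
        bytes.fromhex(salt_hex), int(iterations),
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    rec1 = hash_password(pw)
    rec2 = hash_password(pw)  # same password, new salt
    # Idea A from the thread: every host mixes in its own value
    # (hypothetical per-host secrets, constructed for this example).
    host_a, host_b = b"host-A-secret", b"host-B-secret"
    rec_host_a = hash_password(pw, host_secret=host_a)
    return {
        "same_password_different_records": rec1 != rec2,
        "any_server_verifies": verify_password(pw, rec1) and verify_password(pw, rec2),
        "wrong_password_rejected": not verify_password("guess", rec1),
        "host_a_verifies_own": verify_password(pw, rec_host_a, host_secret=host_a),
        "host_b_verifies_host_a": verify_password(pw, rec_host_a, host_secret=host_b),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The per-user salt already makes every stored record unique, so a precomputed table of hashes does not apply, while a record created with one host's value fails to verify on the other host sharing the same database.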
>>
>>57205576
>>57205791


If you want to read about actual encryption, where two parties have to authenticate each other, and prevent all sorts of MITM attacks, and have perfect forward secrecy, then read up on Diffie-Hellman Key Exchange, RSA, Public Key Encryption.

Then once you understand how an initial key is established, then read up about the different block cipher modes, and stream ciphers.