amal

Reputation: 13

C++: Reverse this hash?

I have been using this to hash my passwords but I have a feeling it isn't very secure. I've been googling around to see if someone has decrypted a string using this. This is the encryption algorithm; I'm not sure how to go about reversing the math to decrypt hashes instead. Any help would be welcomed. This is the encrypter in C++.

EDIT: I do plan on switching to a more secure method of hashing passwords; however, in order to do this I need to reverse the math to convert it to plain text before I convert to the new hashed SHA256 string. People don't seem to understand me here. I understand this is insecure; this is just showing the algorithm in C++. It is actually for a different language. I am limited on what I can do and how I do it in that language.

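#include <cstdlib>   // system
#include <cstring>   // strlen
#include <iomanip>   // setw
#include <iostream>
using namespace std;

int main()
{
    char hasher[256];
    cout << "Input a string!" << endl;
    cin >> setw(sizeof hasher) >> hasher;   // bound the read to the buffer size
    cout << endl;

    for (int x = 0; x < (int)strlen(hasher); x++)
    {
        // '^' is bitwise XOR in C++, not exponentiation
        hasher[x] += (3 ^ x) * (x % 15);
        if (hasher[x] > (255))   // never true: a char cannot hold a value above 255
        {
            hasher[x] -= 256;
        }
    }

    cout << hasher << endl;
    system("pause");
    return 0;
}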

Upvotes: 0

Views: 1645

Answers (2)

Christophe

Reputation: 73446

You modify every char, only based on its relative position in the string. This is an extremely weak way to proceed. It won't resist a plain text attack (if you know two passwords and their encodings):

password  ->  pcusôìÉÇ
abaaa     ->  adca}

So the attacker will immediately notice that the first and fourth chars remain unchanged, and the second and third shift by 2 letters. On an average 8-letter password, half of it would be broken. And unfortunately many passwords might be guessed from the first four letters!

In fact it will be easy in this way to find out the other shifts 0,2,2,0,28, 30,30,28,88,80,90,.... (less impressive than your formula, isn't it?).

You put your users really at risk here. Better, go to a standard hash function such as sha512 and store only the hash in the database. This means that it's not possible to find back the password (missing information). But you can verify if the password the user typed is correct by calculating the hash of its input and comparing it to the hash in the database (see "article Safely storing user passwords").

Upvotes: 2

Ed Heal

Reputation: 60017

You are adding a number to the character based upon position. Just subtract that number, 3^x etc.

Upvotes: 0
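
The position-dependent shift that both answers describe, as an added C++ example that is not part of the original posts; the function names `shift_at`, `shift_table`, `encode` and `decode` are assumptions, and the sample strings are constructed. It also covers the case where a byte wraps to 0 and the stored value is cut short, so subtraction cannot recover the whole input.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Shift the question's loop adds at position x, as it acts on one byte.
// In C++ '^' is XOR, not a power, so 3^x is (3 XOR x).
unsigned shift_at(std::size_t x) {
    return static_cast<unsigned>(((3 ^ x) * (x % 15)) % 256);
}

// First n shifts: the table an observer rebuilds from known pairs.
std::vector<unsigned> shift_table(std::size_t n) {
    std::vector<unsigned> t;
    for (std::size_t x = 0; x < n; ++x) t.push_back(shift_at(x));
    return t;
}

// The question's transformation on unsigned bytes (wrap modulo 256).
// Like the original, it stops when a byte wraps to 0: strlen() then sees
// a terminator, so the loop and the printed value both end there.
std::string encode(const std::string& plain) {
    std::string out;
    for (std::size_t x = 0; x < plain.size(); ++x) {
        unsigned b = (static_cast<unsigned char>(plain[x]) + shift_at(x)) % 256;
        if (b == 0) break;
        out.push_back(static_cast<char>(b));
    }
    return out;
}

// Inverse: subtract the same position-dependent shift modulo 256.
std::string decode(const std::string& stored) {
    std::string out;
    for (std::size_t x = 0; x < stored.size(); ++x) {
        unsigned b = (static_cast<unsigned char>(stored[x]) + 256 - shift_at(x)) % 256;
        out.push_back(static_cast<char>(b));
    }
    return out;
}

int main() {
    for (unsigned s : shift_table(8)) std::cout << s << ' ';
    std::cout << '\n' << encode("abaaa") << " -> " << decode(encode("abaaa")) << '\n';
    // Constructed edge case: 'L' (76) at index 12 meets shift 180 and wraps to 0.
    std::string lossy = std::string(12, 'a') + "Lzz";
    std::cout << decode(encode(lossy)).size() << " of " << lossy.size() << " chars recovered\n";
    return 0;
}
```

Because the mapping has no key and no salt, the stored values are encoded passwords rather than hashes; entries cut short by a zero byte cannot be fully decoded.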
