Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Crack the code!

  1. Aug 25, 2004 #1

    Pi

    User Avatar

    Here's a real-life brainteaser for you!

    I have a large number of passwords nowadays, many of which I very rarely use so I can't remember them myself. I don't like to use a software password manager, so I keep them all written in a text file on my pc - all encrypted of course. The code I use is fairly simple though, just something I thought up in 10 seconds, and I was slightly disturbed to see how quickly a mate of mine guessed the principle it was based on, although he didn't crack it completely.

    I'm interested to know how quickly it can be cracked with a moderate amount of effort from an intelligent non-expert. So here's a sample of my password file - go to it! The first person to crack them wins respect and a pat on the back.

    NB: Obviously, I'm not telling you what these passwords are for, or what the usernames to go with them are. They don't include passwords for accounts where you will be able to get credit card details, access my email etc, and they don't include my physicsforums.com password - they're just the boring accounts which I'd be willing to risk losing

    ttg]jy]h
    t;i]u#frkdi]i
    10132634042
    48518963
    6899774619
    [;iz/yfv/s
    ,q][.'ty]#0
    46195739
    .u9p2cqz.p Note slightly extended code due to non-standard characters
    ']uv[w;;ksyq
    qtfc]a['l
    ggyhyw]c#yng
    iy.eggyhyw]c
    khf'g\fw
    m]uhfv[r/
    4943749598633936
    [[k#twgttu/d (clue: hthy) capitals at beginnings of lines
    q'mv+'fie!
    v0uy3c6
    /;hxfgyq title capitalisation
    nrqth'ir.w
    /;buf#he
     
  2. jcsd
  3. Aug 25, 2004 #2

    graphic7

    User Avatar
    Gold Member

    Are these simply hashes or individual, unencrypted passwords?

    Edit: I guess if they are encrypted then, we are simply looking at some hashes for an unknown cypher.

    I don't understand what exactly you are wanting. Are you wanting us to decrypt the hashes and give you the cyphertext for each of the hashes? If so, it's computationally infeasible for anyone here. We don't know the cypher method first of all, which increases the work factor significantly. Sounds like you're wanting us to do something illegal. :rofl:
     
    Last edited: Aug 25, 2004
  4. Aug 25, 2004 #3

    Pi

    User Avatar

    They're encrypted passwords, all encrypted in the same way. One thing I should probably have mentioned is that you'll know when you get them right, because at least some of them will contain English words.
     
  5. Aug 25, 2004 #4

    graphic7

    User Avatar
    Gold Member

    How do we know these passwords are actually your's and not a shadowed-passwd file you ripped off someone's system? If I were to engage in this, I could be an accessory to breaking a law.
     
  6. Aug 25, 2004 #5

    NateTG

    User Avatar
    Science Advisor
    Homework Helper

    Because if it's a shadow file, then we'll never crack the code. I'm guessing it's some sort of keyboard cypher.
     
  7. Aug 25, 2004 #6

    graphic7

    User Avatar
    Gold Member

    If it is, that still doesn't answer the legality issue of this. But like you said, if it were a shadow file, we couldn't crack it. For the most part that's true, but it could have been "shadowed" with DES or MD4 for example which in certain cases can be exploited (most likely not by us).
     
  8. Aug 25, 2004 #7

    Pi

    User Avatar

    Yes, I'm asking for the cyphertext. I know that would be an ill-posed problem
    if I was just asking you to guess some arbitrary function, but here's some
    additional info: I encrypted the passwords in a very lazy way without using a
    computer or any modern cryptography techniques, and once you know the code it's
    easy to read them without a computer. The encrypted passwords retain a lot of
    the structure of the originals. The unencrypted text is notes to myself about
    the passwords - I've given it to you as if you found the file on my
    computer.

    This isn't a question about factorising enormous numbers or getting a
    supercomputer to ruminate on the problem for hours. The way to do it is to use
    a bit of psychology, look for whatever patterns you can see, and try a few
    things out. Maybe it's still not possible, in which case I'll be reassured, but
    I reckon it's only about 1 order of magnitude harder than decoding puzzles you
    see in children's puzzle books.

    As to it being illegal.. you don't believe they're really my passwords? :) Fair enough. I've set up a physicsforums account called "Pie" with the password
    nh]rheh;o
    Once you log in to that, it will prove I know the code myself.
     
  9. Aug 25, 2004 #8

    graphic7

    User Avatar
    Gold Member

    Well, I guess you've validated yourself. Cryptography laws are rather harsh in the United States, and I wouldn't want to be subject to that jurisdiction ;) . I'm going to fiddle around with it.
     
  10. Aug 25, 2004 #9

    Pi

    User Avatar

    Understandable! I should've anticipated that but it honestly didn't occur to me
     
  11. Aug 25, 2004 #10

    chroot

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    It's obviously not a shadow password file. Also, I should mention some terminology: Pi has given us the ciphertext, and is asking us to find the corresponding plaintext.

    - Warren
     
  12. Aug 25, 2004 #11

    Gokul43201

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Wow ! You use 16 letter passwords ?!
     
  13. Aug 26, 2004 #12
    I have the feeling that the passwords themselves are only half the length of the encoded form.

    One thing that I find puzzling is that Pi seems to be using passwords which contain recognizable words and then using his code to create encoded versions to store. Wouldn't it make more sense to store the recognizable words and use the code to generate the passwords themselves?
     
  14. Aug 26, 2004 #13
    When you say you DONT need a computer to solve it, do you mean I could sit down with a pencil and paper and solve it? Or do character numbers count? (in which case i dont remember what "]" number is)
     
  15. Aug 26, 2004 #14

    Pi

    User Avatar

    Hey, not a bad idea! Maybe I'll start doing that, except I'd then end up typing my passwords slowly all the time.

    Once you know the code, there's no need for a computer at all. While you're still trying to find it, it might help to just get a computer to try a large number of possible codes, if you've been lucky enough to include the right code amongst your set, or you might waste more time writing the program than you'd spend trying things manually, I'm not sure.

    Anyway, it looks like it's harder to crack than I feared, nice to know! :biggrin:
    My friend who I thought came worryingly close had an unfair advantage, so I'll give you the clue he had: whenever I'm decoding these things I have to stare at my keyboard a lot, then look back to the screen, and then back to the keyboard... so I guess it's not *quite* true that you can decode it entirely without a computer, you need the keyboard at least!
     
  16. Aug 26, 2004 #15
    yea, i knew it was going to be a keyboard layout code. Which of the passwords have real words in them?
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: Crack the code!
  1. Neck cracking (Replies: 12)

Loading...