UNIQPASS & Other Software A-like


Question

Hey Guys,

Recently there have been issues with forums being hacked, passwords not being salted, etc. So, in an attempt to understand what all of that means, I've been looking into figuring out how secure my password really is. I'm not looking to do anything illegal or any form of hacking. Believe me, that's the last damn thing I need. Nobody wants the suits sniffing their arse.

My friend Bryan gave me this link and I'm quite curious about it, but I don't want to pay $13 for a piece of software I've never heard of.

https://dazzlepod.com/uniqpass/

This is the software I'm talking about, Uniqpass. Towards the bottom there are other links, and when I click on one (I chose THC-Hydra), it was flagged by Firefox.

Has anyone heard of these pieces of software?

Basically, I want to improve the strength of my password, making it much harder to crack. My current one that I use for most of my critical passwords is 13 characters, alphanumeric special characters. Each password, i.e. Bank #1 is different from Bank #2 or Health Insurance vs Dental Insurance.


18 answers to this question


How secure your password is in what sense?? You could use a 64 character alphanumeric with case.. All means ZERO if the site you're using this on stores it in clear text ;) And their db gets exposed..

What you actually use for your password does not matter in the case of a website's db getting exposed - how they store the password is what matters. If you're concerned then I would contact the site owners as to their security methods.

But yes, using a strong password that is unique for all your different online needs is a good practice. If you use something like lastpass it will give you a score on your passwords, based upon strength, age, if site is compromised, if you use them on multiple sites, etc.

10 hours ago, Zlip792 said:

You can see the strength of your current passwords from here - https://www.grc.com/haystack.htm

For online password dump updates, you can subscribe or check here - https://haveibeenpwned.com/

Sounds like a good source, I'll check it out. I'm always looking for ways to improve my passwords. I'm trying to come up with new user ids, that's where my trouble starts. Haha.

9 hours ago, BudMan said:

How secure your password is in what sense?? You could use a 64 character alphanumeric with case.. All means ZERO if the site you're using this on stores it in clear text ;) And their db gets exposed..

What you actually use for your password does not matter in the case of a website's db getting exposed - how they store the password is what matters. If you're concerned then I would contact the site owners as to their security methods.

But yes, using a strong password that is unique for all your different online needs is a good practice. If you use something like lastpass it will give you a score on your passwords, based upon strength, age, if site is compromised, if you use them on multiple sites, etc.

Well, I guess you could say I wanted to know/see how fast it would take to decrypt it depending on how it was stored. But after speaking with a Professor from WGU, I'd be here for months trying to accomplish that.

 

8 hours ago, Circaflex said:

Well for one don't pay for hydra. It's a common free tool built into most pen testing Linux distros. 

I thought I saw it on Kali Linux, but my laptop is currently indisposed of right now.


Without knowing the storage method of the site there is no way for you to know how secure your password is, like I said for all you know they store it in plain text. This is why you do not use the same password on all your sites. If 1 site gets compromised all your sites could be.

Since most sites use email addresses as login, it's quite simple to try known password/email combos on other sites.

You would hope that most sites lock out your account on too many failures, which should be a very low number - so it does not really matter if your account could be bruteforced in 10 seconds or 10 years. What matters is if they can reverse the storage to get the password or if there is an equivalent that produces the same hash, i.e. a collision.

As to months to decrypt its storage? If stored correctly there really is no decrypt.. Passwords are normally stored in 1 way hashes, there is no way to do math on the hash and find the password. The only way is to keep hashing passwords until you find a match or collision. So you need to know how they come up with the hash. What salt is used, etc.

If the method of storing "password" produces "046E1803362E595C260E0B240619050A2D" you need to know what they did to turn password into that. So you can just start producing a table of passwords and their hashes. Once you have that table and you have the hash, you can just look up the password. Kind of a predone bruteforce.

So I am unclear what you're trying to figure out exactly? The reason a long password with lots of characters is good is because the hash table of passwords that are 1-8 characters and only use say a-z is going to be much easier and faster to produce than say passwords that are 1-20 and a-z, A-Z, 0-9, !-+ etc..

So for example a simple md5 rainbow table of 1-8 characters of just [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789] is like 127GB in size, while 1-9 of same character set would blow up to 690GB...

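The storage point from the post above, as an added example that is not part of the original thread: a precomputed table only matches a known, unsalted hashing scheme, while a per-user salt with a slow KDF makes the same table useless, and the candidate space grows by the character-set size with every extra character. The word list, function names and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def keyspace(charset_size, max_len):
    """Count candidate passwords of length 1..max_len over a character set."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

def store_unsalted(password):
    """Weak scheme: bare MD5, identical for every user with this password."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> password once; it matches any unsalted MD5 record."""
    return {store_unsalted(p): p for p in candidates}

def store_salted(password, iterations=600_000):
    """Per-user random salt plus a slow KDF (iteration count is an assumption)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

# Constructed sample word list, not taken from any real dump.
CANDIDATES = ["password", "letmein", "qwerty", "dragon"]
TABLE = build_lookup_table(CANDIDATES)

def table_lookup(stored_hex):
    """Return the password if the stored value is in the precomputed table."""
    return TABLE.get(stored_hex)

if __name__ == "__main__":
    print("1-8 chars, 62 symbols:", keyspace(62, 8))
    print("1-9 chars, 62 symbols:", keyspace(62, 9))
    print("unsalted lookup:", table_lookup(store_unsalted("password")))
    record = store_salted("password")
    print("salted lookup:", table_lookup(record[2].hex()))
    print("salted verify:", verify_salted("password", record))
```
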


You answered what I wanted to know. It's a variation of things, how it's stored, what kind of salt, etc.. The other portion was to know the size of rainbow tables, I'd need a massive amount of space to even come up with a reasonable amount of stuff to play with. So in reality, it's not really worth the time unless you plan on dedicating thousands of dollars to a hobby that's worse than collecting rocks. :p Looks like I need to read up more on things. I was trying to figure out the elliptic curves, and how that played a role in things. I honestly didn't know about elliptic curves until a few months ago.


Don't worry you will forget about them in a few minutes, once a squirrel runs by your window or something ;) So how's the job hunt going buddy?

So you're taking a crypto class, or just your math class? Elliptic curves are not really gone over from what I remember until graduate level courses like arithmetic geometry.. Or was it just a squirrel that ran by? ;) hehehe

The new ssh keys ed25519 is elliptic curve based, is that where you ran across them?

21 hours ago, BudMan said:

Don't worry you will forget about them in a few minutes, once a squirrel runs by your window or something ;) So how's the job hunt going buddy?

So you're taking a crypto class, or just your math class? Elliptic curves are not really gone over from what I remember until graduate level courses like arithmetic geometry.. Or was it just a squirrel that ran by? ;) hehehe

The new ssh keys ed25519 is elliptic curve based, is that where you ran across them?

It's not going too hot, actually. My previous employers are talking major crap, they told me one thing, but tell everyone another. So right now, I'm pretty "toxic", from what they said. I may not even get unemployment because of them. They're making it out that I was a hostile employee, and that I didn't do my job. But on the bright side, my blood pressure is down 50 points, and I'm a lot happier than when I was working there. I've applied a few places, I'd prefer to work in a data center until I can finish school, I know that kind of work best. I was called about a job last week, but it all depends on if they get the funding or not. I applied for two more positions in a Microsoft data center, but everyone says it's hell on earth there. But hey, a job is a job, and I value any experience I can get. I've figured out why things don't stick, 1. I lose interest easily, and 2. I'm lazy. Lol.

Nah, my co-worker suggested a book to me, which I ended up purchasing out of pure boredom. I've tried reading it, but I don't understand SQUAT in it. It's called "Applied Cryptography" by Bruce Schneier. And screw squirrels. I had to run a cat6 cable underground because those snots chewed it. Not to mention fined by the Utility company for opening a box that I didn't have access to. A week with no internet?! Forget that! $30 ain't bad though :p


I haven't spent a long time on that website but UNIQPass seems like a password list rather than software. The software that you should be more interested in is JTR (John the Ripper).

I used this years and years ago and used an awesome guide from a few forums but neither exist anymore :(

Unfortunately we are going back nearly 10 years now and I literally don't remember a thing about it and I never played around too much.


Cryptography has always fascinated me. From Blowfish to Twofish and the AES Rijndael, and the old Julius Caesar favorite, rot13. I've been messing about with them all for a few years. Block vs chain ciphers, yep, I'm a geek :D

On 7/20/2016 at 6:16 AM, BudMan said:

That book is a bit advanced to start out with.. Maybe something like this would have been a better start ;)

https://www.amazon.com/Cryptography-Dummies-Chey-Cobb/dp/0764541889

I see what you did there. :p

 

2 hours ago, Ph1b3r0pt1c said:

Cryptography has always fascinated me. From Blowfish to Twofish and the AES Rijndael, and the old Julius Caesar favorite, rot13. I've been messing about with them all for a few years. Block vs chain ciphers, yep, I'm a geek :D

There's a lot I want to learn. I want to be that crazy old guy like, @BudMan who knows a metric crap ton, and has a lot to offer the next generation. First step is admitting you have a problem though, so here goes it. I'm a retard. There.

On July 29, 2016 at 0:03 AM, BinaryData said:

I see what you did there. :p

 

There's a lot I want to learn. I want to be that crazy old guy like, @BudMan who knows a metric crap ton, and has a lot to offer the next generation. First step is admitting you have a problem though, so here goes it. I'm a retard. There.

Hahah never a retard, nerd definitely but not retard :D

15 hours ago, BudMan said:

BD reminds me of dory from nemo..

Hey man, being called Clint Eastwood from the Gran Torino is a compliment. He was an ass, but in the end he showed that he had another side.

 

Anyways, back on topic. I'll look into these programs more.
