decypher this! (harder)

88rising · Sep 9, 2018

Now decypher this.

Code:

A43C6A1B484E54687D30E57EB043AEA4ED69F84E7A8D8833EAB1F31A2E13F4A1

If you can do this, you're advanced.

Ally · Sep 9, 2018

You chucked in a hash?

Soooo now we're not supposed to be able to find it at all

Ally · Sep 9, 2018

Foxs Pet said:
is it chinese?

It looks like a hash; SHA256, more specifically.

Ally · Sep 10, 2018

Foxs Pet said:
Giving up. Thats a fuckin hash so gl everyone...

Well you can't decrypt a hash, it's only one-way.

Reas0ns · Sep 10, 2018

88rising said:
Now decypher this.

Code:

A43C6A1B484E54687D30E57EB043AEA4ED69F84E7A8D8833EAB1F31A2E13F4A1

If you can do this, you're advanced.

null

88rising · Sep 10, 2018

decrypting sha256 is pretty easy

Ally · Sep 10, 2018

88rising said:
decrypting sha256 is pretty easy

Oh my god.

1. It's not encryption. It's hashing, it can't be decrypted.
2. https://security.stackexchange.com/questions/145284/why-cant-sha256-be-decrypted you need to read this.

Edit: I said up above it's one-way only.

Doge · Sep 10, 2018

I always hear people saying “one way hash” and “non reversible” which is true but misleading because it makes people think you’ll never be able to find the plaintext version of the hash.

Here’s a quote from a Shotbow admin after a data breach:

While we do not believe Shotbow.net passwords are at any risk overall - them being secured with the best form of one-way hashing available to us

I find this funny because I was able to decrypt (you know what I mean by this) many of these hashes, including more complex ones. (They were salted SHA-256 in a more uncommon format)

I also find the announcement super misleading because I’m sure it gave many people confidence in the hashes and caused those who reuse passwords not to change them everywhere.

You can’t find the plaintext of the hash by just by having it, but you can encrypt millions to billions to trillions and more of possible combinations and check if the output hash matches the original. That’s exactly what Hashcat and similar programs do and I’ve used it myself to find the plaintext of hashes. Hell, I’ve even had people find the plaintext of bcrypt hashes using their fancy GPU rigs for me. Theoretically you can find the plaintext to any hash, just that for some you may need a lot of time, from milliseconds to entire lifetimes and longer.

When most people say “decrypt a hash” they don’t mean “magically reverse it”, they mean “Use collision attempts to match a newly generated hash with an existing one, etc.”

So 88rising - what was your intent?

If you intended for people to use hashcat and similar software to find the plaintext (which isn’t super complex), then it is understandable. But if it’s a sentence or something complex, I doubt anybody will find it.

Ally · Sep 11, 2018

Hoe said:
Except there aren't "millions to billions to trillions" of possible SHA256 hashes, there are 2^256 possible hashes. There is no way in hell you're ever going to find an SHA256 collision.

If you have information about the hashes' formats, it becomes significantly easier to bruteforce. And for a lot of people, passwords have common formats, data, etc... it's not about the bruteforcing itself, but about the strategies you employ to optimise the amount you find. But both you and Doge are right; if it's a sentence or something completely different, you're not gonna find it.

Doge said:
(They were salted SHA-256 in a more uncommon format)

Ewww.

Aphantorox · Sep 11, 2018

men you gotta be in apophis squad to be able to decypher this, good luck

Zyger · Sep 12, 2018

I'll give it a shot

decypher this! (harder)

88rising

pistons

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Reas0ns

sn0saeR

88rising

pistons

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Doge

Long Dogs

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Aphantorox

Zyger

Middleman