Decrypt The UFD2 Hash Password

Jason Brown said: Nice. I’ve been waiting for this. I really think that you guys are doing a great job! I’ve been using the UFD2 for about 2 years now, and I’ve cracked more than 100 passwords. I’m very happy with it!

However, if we calculate this formula with an encoded value, the result will vary based on the salt used. For example, if we use this salt, i.e. tx1e0x5bcgw3a2j4rbfk8ptkb5wm7t0, then we will get 30 characters with a similar length as the original password.

This algorithm is based on the Blowfish cipher. It uses an adaptive hash algorithm to store the password as a one-way hash. Internally, bcrypt generates a random salt while encoding passwords and stores that salt along with the encrypted password. Hence the same string naturally produces different encoded results. One thing stays constant, though: every time, it generates a string of length 60.

This may be a very low-risk technique. The attacker may use the resulting code as a base for calculating other passwords. To be sure, the hashed passwords are so complex that they are not easily cracked using software.

The SHA1 hash function, on the other hand, has an even lower collision risk, because it is based on a random process, and because it is much easier to brute-force the hash. The table below shows the different hash functions used in the UFD2 algorithm. From what I’ve seen, even with a very large size of password, it is possible to crack the hash.

The UFD2 is the way Facebook stores the users’ passwords. By using the UFD2, Facebook can encrypt your password in a secure way. The password is base64 encoded and then UFD2 encrypted. The user data is also base64 encoded, but there is no UFD2 hash of the data.

Edward said: Your script works in all of the cases I found, however when I find a hash that I do not have, I get the ‘No password’ message. I get a typical “Gimme the damn password” message. Is there a way to make it a little bit more ‘people friendly’?
Re: The image, I do use it, and it’s much better with the two-letter version. That said, I do have to add that I don’t really understand why everyone seems so interested in hacking the software, or has a password that is so weak that some poor man’s password cracking software is their only tool to solve their problem? This feels like a version of “Warez” where some major quest for something better is going on.
A little comment on the password cracking section. Yes, it works, and is very helpful, but having a weak password is a recipe for disaster. Unless you have an account on your own machine without any personal information stored, don’t use a weak password. Also, another reason to use different passwords for each account. That said, this is great software, and does what is supposed to be done. Good job!
Re: “what a pity” – “in your free time, even more in the night, you do not have a non-free software to crack your password.” Sure I have. I have a free one. But since I prefer to be GPL, I have this. If I liked to be non-GPL, I would have already made a non-GPL one, or had a non-GPL one already.
I just use this software to mine a mother’s last name: my wife’s mother’s last name is yon, so I used ‘b’ as salt. I only have to input her last name, and it generates a bcrypt hash, let me see how much time it takes on a slow computer. So we can calculate that for 100 characters, it would take about 6 minutes. That’s how much time it takes to crack a bcrypt hash of 100 characters.

