I really give up

piter tojopiter at yahoo.com
Thu Oct 3 18:16:59 CEST 2002


>
> One solution: use the low-order bytes of Python's long integers.
>
> def make_hash(password, seed):
>     y = long(seed)
>     x = 0L
>     for ch in password:
>         x = (x & 0xffffff00L) | ord(ch)
>         y ^= x
>         y += x
>         x <<= 8
>         y ^= x
>         x <<= 8
>         y -= x
>         x <<= 8
>         y ^= x
>         z = int(y & 0x1f)
>         y &= 0xffffffffL
>         y = ((y << z) | ((y >> (32- z))))
>
>     return y & 0xffffffffL
I tried it also. Doesn't work...

>
> Note however that this hashing algorithm is *not* secure.  A decent
desktop
> takes less than 4 minutes to try 2**32 passwords with a given seed. Thus,
> assuming that the hashing algorithm works, I can should be able to find
> a password that hashes to any desired hash value for a given seed in that
> amount of time.  You may as well store the passwords in plaintext.
>
> Instead, may I suggest the sha module?
>
> Avoiding-roll-your-own-crypto-like-the-plague-ly y'rs,
Yes, I am aware of that. The only thing I'm trying to do is to implement
that alghoritm in python in order to give the hashed password back to some
server that uses it.

>
> --
>  Nick Mathewson    <Q nick Q m at alum dot mit dot edu>
>                       Remove Q's to respond.  No spam.





More information about the Python-list mailing list