Password Gate - Unsafe?!

Hi all :smiley:

Just wanted to know something, first time I post here. So… I'm uPPed, I'm 15 years old, like computers, always learning :smiley:
(I know Delphi and kinda Java).
Anywayz,

About a password field: it's very easy to crack… Is there a way to improve the gate so it's harder to crack? Cause I really need it on my site, but if it's that unsafe :s

Plz help, thx.

I am assuming you want it in flash?

If so, yes. I could crack your password.

If you mean in html, or any other language.

… Yes. I could crack your password as well.

See, it isn’t about “is my password safe”. It is about “how long will my process deter them from trying anymore”. Because NO site is 100% secure. You have to realize that we are finite humans trying to build something with capability of perfection. Not possible.

=]

The safest way is of course to run it through a server-side script. If you're not doing that then of course it's not safe. .swfs can be cracked and code can be read. You can try to mask your code with Action Script Obfuscator but that can only go so far (it does pretty damn well for the most part though).

uPPed,
If u use Flash with a server-side script like .asp or something + database then it can be as safe as hotmail.com or whatever (as long as your host is safe and secure).

If you just use standard ActionScript and hard-code the password inside the swf then of course it's not safe at all.

Thx for all the help guys,

How do I crack passwords from Flash?

Are you serious?

I don’t think I should teach ya how to… doesn’t seem ethical.

=]

heh NerdInside posted a swf he challenged people to crack (saying it couldn't be done) a while back. Here's what he posted:

http://userpages.umbc.edu/~tmccau1/flash/flashkit/contest.swf

I immediately returned with

http://userpages.umbc.edu/~tmccau1/flash/flashkit/cracknerdinside.swf

heh good times

lol… did all you do was take:

```actionscript
on (release)
{
    coded = "";
    n = 1;
    for (m = 1; Number(length(user)) >= Number(n); m = Number(m) + 1)
    {
        t = substring(user, n, 1);
        s = substring(pass, m, 1);
        u = ord(t) * ord(s);
        v = ord(u) * 3.141593 / 2.718282 + 123.321000;
        w = ord(v) - ord(u) + ord(t) - ord(s) + 321.123000;
        x = ord(w) * ord(v) / ord(u) + 112233.332211;
        coded = coded + x;
        n = Number(n) + 1;
    } // end of for
    n = 1;
    m = 1;
} // end of on (release)
```
and have it just display what coded was? Ah… that’s good times
=}

No, because he pre-made a username and ran that username past that calculation to generate the password. It had the potential to be really nasty, but as intimidating as that little block of code looks, it really only spits out a small number of variants for any given letter. Here is a printout I did going through that:

```text
112277.174316263 user: a, pass: a
112277.174316263 user: a, pass: b
112277.174316263 user: a, pass: c
112277.174316263 user: a, pass: d
112277.174316263 user: a, pass: e
112277.174316263 user: a, pass: f
112277.174316263 user: a, pass: g
112283.332211 user: a, pass: w
112283.332211 user: a, pass: x
112283.332211 user: a, pass: y
112283.332211 user: a, pass: z
112277.174316263 user: b, pass: a
112277.174316263 user: b, pass: b
112277.174316263 user: b, pass: c
112277.174316263 user: b, pass: d
112277.174316263 user: b, pass: e
112277.174316263 user: b, pass: f
112283.332211 user: b, pass: x
112283.332211 user: b, pass: y
112283.332211 user: b, pass: z
112277.174316263 user: c, pass: a
112277.174316263 user: c, pass: b
112277.174316263 user: c, pass: c
112277.174316263 user: c, pass: d
112277.174316263 user: c, pass: e
112283.332211 user: c, pass: y
112283.332211 user: c, pass: z
112277.174316263 user: d, pass: a
112277.174316263 user: d, pass: b
112277.174316263 user: d, pass: c
112283.332211 user: d, pass: z
112277.174316263 user: e, pass: a
112277.174316263 user: e, pass: b
112277.174316263 user: e, pass: c
112277.174316263 user: f, pass: a
112277.174316263 user: f, pass: b
112277.174316263 user: g, pass: a
97: a
98: b
99: c
100: d
101: e
102: f
103: g
104: h
105: i
106: j
107: k
108: l
109: m
110: n
111: o
112: p
113: q
114: r
115: s
116: t
117: u
118: v
119: w
120: x
121: y
122: z
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711
UPPER 112285.394711 // M
UPPER 112286.415544333 // N
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
UPPER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
LOWER 112286.415544333
```

You can see the similarities. It's a simple flaw in the implementation. I wouldn't have gone to the trouble of making a keygen if it wasn't so easy :slight_smile: But having a script like that to mangle an input is a good way to go about ‘harder to crack’ password protection.
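To see why the loop above collapses the way the printout shows, here is an added Python port of the decompiled ActionScript (example code, not from anyone in this thread). It assumes Flash 4 `ord()` semantics: the argument is converted to a string and the code of its first character is returned, and `ord("")` is taken to be 0; the reasoning is that `ord(u)` keeps only the first digit of the product, so almost every character pair lands on the same handful of values.

```python
# Added example: port of the decompiled mangling loop, used to count how
# many distinct outputs it can actually produce. Assumption: Flash 4 ord()
# string-converts its argument and returns the first character's code.


def as_ord(value):
    """Flash-4-style ord(): str() the value, then code of its first char."""
    text = str(value)
    return ord(text[0]) if text else 0  # assumption: ord("") == 0


def mangle_char(t, s):
    """One loop iteration for user char t and pass char s; returns x."""
    u = as_ord(t) * as_ord(s)                    # product of the two codes
    # as_ord(u) is the code of the product's FIRST DIGIT only ('9' or '1'
    # for lowercase pairs), so most of the input entropy is lost right here.
    v = as_ord(u) * 3.141593 / 2.718282 + 123.321000
    w = as_ord(v) - as_ord(u) + as_ord(t) - as_ord(s) + 321.123000
    x = as_ord(w) * as_ord(v) / as_ord(u) + 112233.332211
    return x


def coded(user, password):
    """The full 'coded' string: one mangled value appended per user char.
    Values are rounded to 9 decimals to mimic the printout's formatting."""
    out = ""
    for n in range(len(user)):
        t = user[n]
        s = password[n] if n < len(password) else ""  # substring past end
        out += str(round(mangle_char(t, s), 9))
    return out


def distinct_outputs(alphabet):
    """Set of per-character values over every (user, pass) pair in alphabet."""
    return {round(mangle_char(t, s), 9) for t in alphabet for s in alphabet}


if __name__ == "__main__":
    lower = "abcdefghijklmnopqrstuvwxyz"
    print(round(mangle_char("a", "a"), 9))   # 112277.174316263, as in the printout
    print(round(mangle_char("a", "w"), 9))   # 112283.332211
    vals = distinct_outputs(lower)
    # 26 * 26 = 676 character pairs, but only 3 distinct per-position values,
    # so a coded string of length n can take at most 3**n values.
    print(len(vals), "distinct values for", len(lower) ** 2, "pairs")
```

The per-position output space of three values is the whole story: whatever the client does to the input, a check that runs inside the swf only hides the comparison, it does not make it hard to satisfy.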

Would CSS work?? I haven't played around with CSS much but I heard it might work for password protection. Don't take my word for it :+)

*Originally posted by Alex *
**Would CSS work?? I haven't played around with CSS much but I heard it might work for password protection. Don't take my word for it :+) **

Is that right? I was unaware CSS could be used for that. I've only used it for formatting (though limited at that); I haven't exactly reached deep into CSS and its real capabilities yet. If it can handle passwords and things of the such, I've not given it enough credit :slight_smile: