CAPICOM

(OP)
I came across this in a search and it seems that this is vulnerable to many password crackers. I believe this code snippet was from strongm.

Public Sub Example2()
    Dim myHash As HashedData

    Set myHash = New HashedData
    myHash.Algorithm = CAPICOM_HASH_ALGORITHM_SHA_512
    ' For the sake of this example we are converting the string so we match earlier API solution
    myHash.Hash StrConv("Hello", vbFromUnicode)
    MsgBox myHash.Value
End Sub

Even using SHA-512 it is cracked. Using CAPICOM is there a way around this?

Thanks.

Swi

RE: CAPICOM

Sorry, where do you get the info that SHA-2, and in particular the SHA-512 variant, is compromised?

RE: CAPICOM

(OP)
Hi strongm,

I tried a site: https://crackstation.net/

Seems to be able to crack any hashed password I give it with the above code.

Now, if I remove the StrConv function it does not crack it due to it being Unicode.

Thanks.

Swi

RE: CAPICOM

(OP)
I understand; however, the website above is deciphering it consistently unless I leave it as Unicode or provide a unique or static salt to it.

Swi

RE: CAPICOM

When it comes to passwords, the use of hashing does not obviate the requirement to follow good password practice, such as using strong passwords. So if I take a fairly typical password rule (Microsoft's length and complexity rule):

Passwords must have at least 8 characters.
Passwords must contain characters from three of the following five categories:
  • Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
  • Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}:;"'<>,.?/
  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

I might end up with a password such as A1biker! - for which Crackstation does not have a precomputed SHA-512 hash to look up (even though it isn't a particularly strong password).

Further, if you are working with passwords (rather than generating a simple hash digest, which is what my original code does), then the hashes should always be properly salted (as Crackstation itself points out).

(oh, and just to be pedantic, Crackstation is not doing any deciphering)
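
Added example, not part of the thread and written in Python rather than VB6/CAPICOM: it shows why the unsalted digest of "Hello" is found by a precomputed table, why the un-converted (Unicode) digest is merely absent from that table rather than stronger, and what a per-password salt with a slow derivation looks like. The four-word list is constructed sample data, the function names are hypothetical, and it assumes the ANSI code page is cp1252 and that an un-converted VB6 string is hashed as its UTF-16LE bytes.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a public lookup table's wordlist.
WORDLIST = ["password", "Hello", "letmein", "qwerty"]

def sha512_hex(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()

# Precomputed unsalted SHA-512 digests over single-byte strings, i.e. the bytes
# StrConv(..., vbFromUnicode) would produce (cp1252 assumed as the ANSI code page).
LOOKUP = {sha512_hex(w.encode("cp1252")): w for w in WORDLIST}

def lookup(digest_hex: str):
    """Return the wordlist entry for a digest, or None if the table lacks it."""
    return LOOKUP.get(digest_hex)

def hash_password(password: str, iterations: int = 210_000):
    """Salted, deliberately slow verifier. Store salt, iterations and digest."""
    salt = os.urandom(16)  # unique per password, not secret, kept with the digest
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_password(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

if __name__ == "__main__":
    ansi = sha512_hex("Hello".encode("cp1252"))      # bytes after StrConv
    utf16 = sha512_hex("Hello".encode("utf-16-le"))  # assumed bytes without StrConv
    print("ANSI digest in table:   ", lookup(ansi))
    # A miss here only means this table was built from single-byte strings;
    # a table built over UTF-16LE input would find it just as easily.
    print("UTF-16LE digest in table:", lookup(utf16))
    salt, n, stored = hash_password("Hello")
    print("salted digest in table: ", lookup(stored.hex()))
    print("verifies:", verify_password("Hello", salt, n, stored))
```

The iteration count is an assumed work factor; tune it to the hardware that performs the verification.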

RE: CAPICOM

(OP)
Ok, salts it is. Thanks.

Swi

RE: CAPICOM

You do know that CAPICOM is a dead technology now, right?

It can be jammed into Win7 but isn't recommended, and it doesn't work at all in current versions of Windows.

RE: CAPICOM

Works fine on my copy of Windows 10.

RE: CAPICOM

So it does, you just need to install the SDK and then manually install the DLL as described in the readme.txt file from the SDK.

Good to know for keeping old programs alive.
