Sed tr awk substitution problem

Topic: Sed tr awk substitution problem (Read 3079 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Re: Sed tr awk substitution problem

Reply #15 – 23 July 2022, 22:16:50

Ohoho saw couple of examples of those but could not figure out properly as were to many / \\/ / \\ / \ so i took it to an old school kinda short cut with shuf. I got it now and will retry that sed version. I'll see where and if gonna fail again

Re: Sed tr awk substitution problem

Reply #16 – 23 July 2022, 23:01:14

Not only special chars but for example 92 it reads it like a 9 and a 9 represents a ] and instead to output 9 (a number) it outputs a special char ] which i reserved it for number 9.

The fact that it happened 92 to represent a 9 is arbitrary chosen by me without any particular reason. That's why i have no numbers in the output at all as all those 84-92 it reads them as 1-9 which all represents special chars.

I don't think sed is up for the job personally i don't think sed is a very good tool at all for substitution while shuf is God bread of course used it in the way it works.

I got that escaping problem \& and it worked but still have no numbers in the final string.

EDIT: as a example this is how a pass should look like after all those 'math plastic surgeries'
jli*B/`Q6:{GoP;]_gzwS'3Zm|Atc5VW!UL&uHnvr$?NM[Fs~>Cb)}aT%"XdyK,

Re: Sed tr awk substitution problem

Reply #17 – 24 July 2022, 02:52:14

"You can use for your pass only 3 digits 1-5"
If you allow repetition, all digits have 5 possible values. Without it, the first has 5, the second 4, the third 3, which significantly limits the possible variations. Until the password is cracked, how does the cracker know if you have repeated values or not? If they know you do or don't, then of course that info can make things easier either way. Surely the point is all digits can be anything drawn randomly from the range, not that as many as possible must be included? Unless of course you mean that the encryption used does not work so well when characters are repeated.

Re: Sed tr awk substitution problem

Reply #18 – 24 July 2022, 10:36:22

I would recommend having a pass with the backbone 22|19|19| 3 after using that anyone can choose if he wants or not repetitions. But first one should think how strong my pass would be reducing to absurd if i choose indeed 22|19|19|3 but only out of 4 elements.

i.e: * 22 times; b 19 times; T 19 times; and a seven 3 times your pass would met requirements but will be comprised only from 4 repeating elements that can be broken almost instantaneous. Of course assuming a hacker wouldn't know what chassis or what elements would be harder. But a hacker doesn't necessarily wants to break your pass but more passwords as he gets. So it will try first couple of 15 long passwords with/without repetitions at his inspiration than will eventually crank up a notch in complexity upward and see what he can fish from that also.

But what if your random pass was not that lucky when generated and hacker was lucky enough to use only couple of elements into his cracking tools enough to crack your pass but still fell short in case of a pass without repetition. In your case you are at the guessing mercy of hacker while my model it has to use all elements otherwise even if he tries all possibilities but without having 1 element his attack will fail.

So yeah my strategy does not give the most number of combination but isn't very forgivable either and oblige hacker to go thru hell and beyond thru all those arrangements and diversity of those. So my version is the worse case scenario for a hacker where guessing gonna be anything but his friend.

When a person can guess ingredients of a salad? When you add 63 different ingredients or when you have only 20 repeating elements?

Re: Sed tr awk substitution problem

Reply #19 – 24 July 2022, 13:30:25

The guy at GRC while sure has some knowledge and has its arguments i'm still not convinced. Would you?

Read here or check the print screen below

In other words would you rather have a better entropy password or a tricky password where your trick can turn against you pretty easy?

Needless to say he doesn't even get the importance of a healthy pass chassis to rule out unfortunate low quality strings. Still by any mean his passwords aren't weak but i like the better option. Further more he thinks his randomly generated passwords have no pattern which is hilarious. Everything can be categorized and analyzed including his fancy pants 'perfect' passwords..

Re: Sed tr awk substitution problem

Reply #20 – 24 July 2022, 16:27:15

From my limited and incomplete understanding, encryption methods I've looked at work by taking the password and doing some complicated maths, deleting part of the answer, and repeating the process. So the end result can be repeated by inputting the same starting point, but it cannot be calculated in reverse because of the deletions, meaning some of of the info is lost during the calculation. Also, you can have more than one start point that gives the same end point, so your password might even have a different "twin" for a given encryption method. So cracking comes down to trial and error, to see what password generates the same hash. This requires access to the encrypted value for multiple tries though, which is often difficult to achieve. Some of the assumptions on that link are just assumptions, why would someone start by using limited character sets, why wouldn't they start by using all common keyboard characters after exhausting faster dictionary checks? The problem with using any formula is when it comes to multiple passwords. Often you might find some website you use is hacked, and the login details published, including the hashed passwords which can then be broken. So now someone can see examples of the passwords you use. Then if they wanted to target you, they can base future attempts on the type of password you are using. If you know someone uses max length passwords then you jump straight to those and ignore shorter ones, hence what I was saying about any rules make things easier. Adding ..... like that link suggests might work once, but if you do stuff like that all the time then it becomes a pattern. You could even try foreign language characters to further confuse things although some logins would refuse to accept them! I'm sure your methods are pretty secure though in practice and better than most.

Re: Sed tr awk substitution problem

Reply #21 – 25 July 2022, 10:29:53

Quote from: Surf3r – on 23 July 2022, 23:01:14

Not only special chars but for example 92 it reads it like a 9 and a 9 represents a ] and instead to output 9 (a number) it outputs a special char ] which i reserved it for number 9.

That's why I told you the substitution order is important; single digits should be replaced last.

Re: Sed tr awk substitution problem

Reply #22 – 25 July 2022, 15:55:54

Quote from: nous – on 25 July 2022, 10:29:53

That's why I told you the substitution order is important; single digits should be replaced last.

Yeah but i have to respect the order otherwise my pass gonna be a fail just because i have to order on sed's limited way of op.

Meanwhile made a script and made it look more fancy plus added two missed chars ^ and \ .Chassis was slightly changed 24|18|18|3 due to the new added symbols.

Code: [Select]

#!/bin/bash
echo " "
echo "   ➢   Zero Trust Pass version 4.0 "
echo "   -------------------------------"
echo "   ➢   Search Space Depth 94, pass chassis 24|18|18| 3| "
shuf sym -n 24 > t1
shuf az -n 18 > t2
shuf AZ -n 18 > t3
shuf 09 -n 3 > t4
cat t1 t2 t3 t4 > sf
shuf sf > fin
shuf fin > sf
shuf sf > fin
echo > sf
cat fin | tr -d '\n' | tr -d '  ' > string
echo > fin
echo "---------------------------------------------------------------"
cat string
echo "
---------------------------------------------------------------"
echo > string
echo > t1
echo > t2
echo > t3
echo > t4
echo "   ➢   String generated successfully"
echo "   ---------------------------------"
echo "   ➢   Temp files cleared"
echo "   ----------------------"
echo "   ➢   Done"
echo "                                                          
                                                   [Surf3r, 2022]"
exec bash

Uploaded all needed text files (symbols, cap letters, low caps, numbers and the small script) HERE

The script i called it ztp.sh from Zero Trust Pass. All one need just make the script executable and execute the script at user location preference.

Code: [Select]

bash ztp.sh

The output should look like this

Re: Sed tr awk substitution problem

Reply #23 – 27 July 2022, 16:10:56

Think i landed on the perfect formula now. Made the script in such a way it shufs those symbols/ numbers/letters but gives chars a 'chance' to get repeated. In order to mix things up the order of those commands was also mixed up and lists (symbols/az/az/no) from where we choose are also different (but without skipping any element) every time the script is executed. Thought i had to 'Give to Caesar what is Caesar’s' and could not ignore the power of arrangements with repetition due to the significantly boost in possibilities. But still my super secret chassis ingredient 24|18|18| 3 was kept.

What this means is that now the string will be blended behind: 94^63 haystack and not only behind smaller haystack A(94,63). Still as a side note if a char gets repeated excessively i would suggest generate another with a more decent repetition number (maybe 3-4x maximum)

Here's how this looks now. Called it ztpq.sh (q from quantum)

Script and necessary files download from here

Code: [Select]

#!/bin/bash
echo " "
echo "      ➢  Zero Trust Pass Quantum, version 7.0 "
echo "         ---------------------------------"
sleep 0.5s
echo "      ➢  Search Space Depth 94, pass chassis 24|18|18| 3| "
sleep 0.5s
shuf sym > sym2
shuf sym2 > sym
echo > sym2
shuf az > az2
shuf az2 > az
echo > az2
shuf AZ > AZ2
shuf AZ2 > AZ
echo > AZ2
shuf no > no2
shuf no2 > no
echo > no2
shuf sym -n 1 > t22
shuf sym -n 1 > t21
shuf az -n 1 > t33
shuf az -n 1 > t37
shuf sym -n 1 > t9
shuf az -n 1 > t25
shuf AZ -n 1 > t45
shuf sym -n 1 > t17
shuf AZ -n 1 > t52
shuf sym -n 1 > t15
shuf AZ -n 1 > t55
shuf AZ -n 1 > t60
shuf AZ -n 1 > t43
shuf az -n 1 > t29
shuf sym -n 1 > t16
shuf az -n 1 > t42
shuf sym -n 1 > t23
shuf sym -n 1 > t4
shuf az -n 1 > t36
shuf AZ -n 1 > t49
shuf no -n 1 > t61
shuf az -n 1 > t28
shuf sym -n 1 > t7
shuf AZ -n 1 > t44
shuf AZ -n 1 > t54
shuf no -n 1 > t63
shuf AZ -n 1 > t57
shuf sym -n 1 > t1
shuf AZ -n 1 > t51
shuf sym -n 1 > t8
shuf az -n 1 > t31
shuf az -n 1 > t35
shuf az -n 1 > t38
shuf AZ -n 1 > t56
shuf AZ -n 1 > t59
shuf sym -n 1 > t24
shuf sym -n 1 > t19
shuf AZ -n 1 > t46
shuf AZ -n 1 > t58
shuf sym -n 1 > t12
shuf az -n 1 > t26
shuf sym -n 1 > t5
shuf AZ -n 1 > t53
shuf sym -n 1 > t6
shuf az -n 1 > t40
shuf sym -n 1 > t18
shuf AZ -n 1 > t50
shuf az -n 1 > t34
shuf sym -n 1 > t10
shuf sym -n 1 > t11
shuf no -n 1 > t62
shuf sym -n 1 > t2
shuf az -n 1 > t32
shuf az -n 1 > t39
shuf sym -n 1 > t3
shuf az -n 1 > t30
shuf sym -n 1 > t20
shuf sym -n 1 > t14
shuf AZ -n 1 > t47
shuf sym -n 1 > t13
shuf az -n 1 > t27
shuf az -n 1 > t41
shuf AZ -n 1 > t48
cat t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t13 t14 t15 t16 t17 t18 t19 t20 t21 t22 t23 t24 t25 t26 t27 t28 t29 t30 t31 t32 t33 t34 t35 t36 t37 t38 t39 t40 t41 t42 t43 t44 t45 t46 t47 t48 t49 t50 t51 t52 t53 t54 t55 t56 t57 t58 t59 t60 t61 t62 t63 > sf
sleep 0.2s
shuf sf > fin
sleep 0.2s
shuf fin > sf
sleep 0.3s
shuf sf > fin
echo > sf
cat fin | tr -d '\n' | tr -d '  ' > string
echo > fin
sleep 0.5s
echo "---------------------------------------------------------------"
cat string
echo "
---------------------------------------------------------------"
echo > string
echo > t1
echo > t2
echo > t3
echo > t4
echo > t5
echo > t6
echo > t7
echo > t8
echo > t9
echo > t10
echo > t11
echo > t12
echo > t13
echo > t14
echo > t15
echo > t16
echo > t17
echo > t18
echo > t19
echo > t20
echo > t21
echo > t22
echo > t23
echo > t24
echo > t25
echo > t26
echo > t27
echo > t28
echo > t29
echo > t30
echo > t31
echo > t32
echo > t33
echo > t34
echo > t35
echo > t36
echo > t37
echo > t38
echo > t39
echo > t40
echo > t41
echo > t42
echo > t43
echo > t44
echo > t45
echo > t46
echo > t47
echo > t48
echo > t49
echo > t50
echo > t51
echo > t52
echo > t53
echo > t54
echo > t55
echo > t56
echo > t57
echo > t58
echo > t59
echo > t60
echo > t61
echo > t62
echo > t63
echo "      ➢  String generated successfully"
echo "         -----------------------------"
sleep 0.2s
echo "      ➢  Temp files cleared"
echo "         ------------------"
sleep 0.2s
echo "      ➢  Done"
echo "                                                          
                                                   [@2T2, 2022]"
exec bash

Re: Sed tr awk substitution problem

Reply #24 – 28 July 2022, 09:48:55

Tried again @capezotte variant we talked previously

Code: [Select]

tr -Cd '[ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]' < /dev/random | head -c1; echo

But when add all those symbols they aren't read like they should. Need escaping too. Man this programs can't escape their own 'hidden traps' at least not easily.

Re: Sed tr awk substitution problem

Reply #25 – 29 July 2022, 04:34:05

Works as I expect on my machine after replacing the embedded single quote with '\'' and doubling the backlash.

I don't get what you mean by "aren't read as they should", though.

Re: Sed tr awk substitution problem

Reply #26 – 29 July 2022, 07:49:10

Yep now works (it reads it like it should, meaning like i needed)

Re: Sed tr awk substitution problem

Reply #27 – 29 July 2022, 08:08:52

One single correction though when use symbols there's no need to put them inside square brackets cos that will make those brackets show up more often than the other symbols. It would ruin the password that will have probably more square brackets than normal.

Re: Sed tr awk substitution problem

Reply #28 – 29 July 2022, 09:31:47

Man i tell you, something really strange happening here i mean is that strange that almost if not fully goes into paranormal realm. Tried to combine @capezotte command but i'm really stunned that when i'm trying to shuf the output text file by some mysterious reason shuf refuses to mix that file. It's like shuf recognizes either from what reads from memory or God knows from where it simply does not do what it should be doing and i'm getting all symbols concentrated in the first part. Tried as follow:

Code: [Select]

tr -Cd 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' < /dev/random | head -c63 > t1

But when i try to shuf t1 text file it doesn't change it as usual and i'm beyond puzzled why?!?!?!?

shuf t1 > t2

t2 will be exactly the same as t1

I'm wondering what kind of escape have to insert where this time to make things bloody work.

Re: Sed tr awk substitution problem

Reply #29 – 29 July 2022, 09:37:28

Found it why sorry, is because shuf work in columns and that output is in a row XD