Irreversible Encryption Algorithm

This post was last edited by samiux on 2014-8-30 19:04

Mr. Benny Tai (戴耀廷) said that the information at the 6.22 Civil Referendum website (https://secure.popvote.hk) is encrypted by an irreversible encryption algorithm.

The information that the website keeps is the name, HKID card number and telephone number of the voters.  Suppose that the HKID card number and telephone number are encrypted by an irreversible encryption algorithm.

There are a number of encryption algorithms available in the market.  I suppose Mr. Benny Tai will not create a new encryption algorithm for the voting.  That means the website will use an available encryption algorithm.  An irreversible encryption algorithm is similar (or the same as) producing a hash value of the original string or data, such as MD5, SHA1, SHA-256 or RSA.

There are a number of hash cracking tools in the market.  Those tools can detect the encryption algorithm used for the hash value automatically.

The website only allows Hong Kong citizens to vote.  That means the HKID card number should be in the following format: A123456(7).  There should not be XA123456(7), as that is for foreigners only.  Therefore, the first letter should be one character from A to Z, followed by 6 digits.  Then the character in the brackets should be between 0 and A (that is 0123456789A; it is modulo 11).  The policy of the HKID card is very easy to predict.  Meanwhile, the telephone number is only 8 digits.  As a result, we have the policy of the HKID card number and the telephone number.

As I said before, the hash cracking tools can detect the encryption algorithm automatically.  We can apply the HKID card number and telephone number policies to the hash cracking tools, such as hashcat or oclHashcat (http://hashcat.net/oclhashcat/), and we can crack the irreversibly encrypted data very easily.

This article is based on my presumption only.

Update reason: typo fix

This post was last edited by snoopy11hk on 2014-8-30 13:08
Mr. Benny Tai (戴耀廷) said that the information at 6.22 Civil Referendum website () is encrypted by ...
samiux posted on 2014-8-30 11:27


According to what he said, it should be an encryption algo + a hashing algo,
but I suspect that the PRC can crack it using the DDOS troops.


according what he said, it should be a encryption algo + a hashing algo
but i suspect that PRC can ...
snoopy11hk posted on 2014-8-30 13:04


If so, it should be a little bit complicated only.

Samiux


If so, it should be a little bit complicated only.

Samiux
samiux posted on 2014-8-30 13:26


It is no use against the DDOS password crack.


it is no use against the DDOS password crack
snoopy11hk posted on 2014-8-30 13:47


I don't understand what you mean.

Anyway, I think the web server cannot do a lot of encryption and/or hash algorithms in real time, as it requires a lot of processing power (CPU power here) to do so, in terms of performance and security.

Samiux


I don't understand what you mean.

Anyway, I think the web server cannot do a lot of encryption or ...
samiux posted on 2014-8-30 13:58



I mean cracking using distributed computing...


i mean cracking using the distributed computing...
snoopy11hk posted on 2014-8-30 14:09


Is distributed computing necessary?

According to the benchmark by oclHashcat, a single typical computer with a decent GPU can easily achieve a hash rate of 1000 million tries/s.

HKID has only 26 * 10^6 (1 letter + 6 digits) combinations = 26 million.

By simple calculation, we can reverse the "irreversible" hash in 0.026 s, or 26 milliseconds, less than the ping time from my computer to Google.

It's irresponsible for Mr. Tai to claim that the data can't be decrypted.


"All personal data collected electronically will be encrypted with SSL during transmission, and will be recorded on the server in the form of an irreversible hash code, to ensure that the data in practice cannot be cracked or recovered."


^ It seems that what they meant by encryption is just SSL!? It should be irrelevant if the hacker cracked the database.


The design itself has not been disclosed, so it is really hard to assess...
You can't say it is easy to crack,
and you can't say it is hard to crack either...
because no relevant information has been provided...

If it is a hash, it is usually combined with a salt, rather than just a plain hash...
And for the salt, how many bits would be used?
These all increase the difficulty of cracking...
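Pulling together the first post's HKID and telephone-number policy, the 26 ms estimate posted earlier, and the salt question in the post above, here is an added example (written for this page, not code from the thread or from the popvote.hk site) that enumerates the policy-constrained keyspace, recovers a constructed unsalted SHA-256 hash by brute force, and then repeats the run with a per-record salt. Everything beyond the thread's own statements is an assumption: the check-character weights are the commonly documented weighted-sum-modulo-11 scheme (the post only says "modulo 11"), SHA-256 stands in for whatever hash the site used, the salt is simply prepended, and the victim record and salt value are constructed.

```python
"""Added example: policy-driven brute force of a hashed Hong Kong ID number,
the keyspace/time arithmetic from the thread, and what a per-record salt changes.
Not code from the forum thread or from the referendum site."""
import hashlib
import string
from typing import Iterable, Iterator, Optional, Tuple

LETTERS = string.ascii_uppercase  # single-letter prefixes A..Z, as the first post assumes


def hkid_check_char(letter: str, digits: str) -> str:
    """Check character for a single-letter HKID.

    Assumption: the commonly documented weighted-sum-modulo-11 scheme
    (letters A..Z = 10..35, a leading space = 36 stands in for the absent
    second letter, weights 9 down to 2, check value 10 written as 'A').
    The thread itself only says the check character is 'modulo 11'."""
    values = [36, ord(letter) - ord("A") + 10] + [int(d) for d in digits]
    weighted = sum(v * w for v, w in zip(values, range(9, 1, -1)))
    check = (11 - weighted % 11) % 11
    return "A" if check == 10 else str(check)


def hkid_is_valid(hkid: str) -> bool:
    """Re-derive the check character of an 'A123456(7)'-style string."""
    if len(hkid) != 10 or hkid[0] not in LETTERS or not hkid[1:7].isdigit():
        return False
    if hkid[7] != "(" or hkid[9] != ")":
        return False
    return hkid[8] == hkid_check_char(hkid[0], hkid[1:7])


def hkid_candidates(letters: Iterable[str] = LETTERS,
                    digit_range: Iterable[int] = range(1_000_000)) -> Iterator[str]:
    """Enumerate every well-formed single-letter HKID in the given sub-range.

    Because the check character is derived, the attacker never has to guess
    it: the real keyspace is 26 * 10**6, not 26 * 10**6 * 11."""
    for letter in letters:
        for n in digit_range:
            digits = f"{n:06d}"
            yield f"{letter}{digits}({hkid_check_char(letter, digits)})"


def phone_candidates(number_range: Iterable[int] = range(100_000_000)) -> Iterator[str]:
    """8-digit Hong Kong telephone numbers: 10**8 candidates, no check digit."""
    for n in number_range:
        yield f"{n:08d}"


KEYSPACE = {"hkid": 26 * 10**6, "phone": 10**8}


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate at a given hash rate."""
    return keyspace / hashes_per_second


def sha256_hex(value: str, salt: str = "") -> str:
    """Unsalted SHA-256 when salt is '', otherwise SHA-256(salt || value).
    Assumption: the thread does not say which hash, or how a salt would be applied."""
    return hashlib.sha256((salt + value).encode("ascii")).hexdigest()


def crack(target_hex: str, candidates: Iterable[str], salt: str = "") -> Tuple[Optional[str], int]:
    """Return (plaintext, tries) on a match, or (None, tries) when the range is exhausted.

    A per-record salt does not shrink this loop: if the salt is stored next
    to the hash the attacker reuses it, and the only extra cost is that the
    loop must be repeated for every record instead of once for the whole table."""
    tries = 0
    for cand in candidates:
        tries += 1
        if sha256_hex(cand, salt) == target_hex:
            return cand, tries
    return None, tries


if __name__ == "__main__":
    victim = "C123456(9)"  # constructed victim record (valid under the assumed check scheme)
    stored = sha256_hex(victim)
    found, tries = crack(stored, hkid_candidates("C", range(123_000, 124_000)))
    print(f"unsalted: recovered {found} after {tries} tries")
    salt = "7f3a"  # constructed salt, assumed to be stored beside the hash
    found, tries = crack(sha256_hex(victim, salt),
                         hkid_candidates("C", range(123_000, 124_000)), salt=salt)
    print(f"salted:   recovered {found} after {tries} tries (same work per record)")
    for name, size in KEYSPACE.items():
        ms = seconds_to_exhaust(size, 1e9) * 1e3
        print(f"{name}: {size:,} candidates, {ms:.0f} ms to exhaust at 1e9 H/s")
```

The `__main__` block deliberately narrows `digit_range` to a small window: the full 26 million HKIDs take minutes in pure Python, which is exactly why the thread points at hashcat rather than a script. The salted run shows how far a salt goes: stored beside the hash, it stops one pass from cracking every record at once and defeats precomputed tables, but it does not make any single record harder than the unsalted case, because the candidate space is fixed by the ID format, not by the salt length.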


unreservable ???
Do you mean irreversible?
