rchatterjee / nocrack

A new kind of password vault that fools the brute-force attacker by churning out decoy passwords.
MIT License

buggy coding or decoding #5

Closed benedict-beuscher closed 6 years ago

benedict-beuscher commented 8 years ago

I checked this a lot, now I'm sure it is a bug. This is what I did: got a clean copy of the up-to-date repo. Set up a new virtual env. Deleted static/vault.db. Then:

```
~/NoCrack$ ./honey_client -addpass aaaaaa google.com mypassword
-> ... [answer-message] OK
~/NoCrack$ ./honey_client -getpass aaaaaa google.com
-> "google.com": "mypassword"
~/NoCrack$ ./honey_client -addpass aaaaaa facebook.com mylove
-> ... [answer-message] OK
~/NoCrack$ ./honey_client -getpass aaaaaa facebook.com
-> "facebook.com": "mylife" //error no1
~/NoCrack$ ./honey_client -addpass aaaaaa yahoo.com cutie1
-> ... [answer-message] OK
~/NoCrack$ ./honey_client -getpass aaaaaa yahoo.com
-> "yahoo.com": "mitch1" //error no2
~/NoCrack$ ./honey_client -getpass aaaaaa google.com //check the first again
-> "google.com": "myiloveyou" //WTF?
```

I tried this over and over again. Sometimes the first 3 or 4 passwords get stored and I can read them out correctly, but after a few more stores, a password like "iloveyou" will get changed to "ihateyou" or similar. Also, the previously stored passwords change after adding new ones.

rchatterjee commented 8 years ago

Ohh, I have never replied to this message. Sorry for that.

Yup, you are right there is a bug. I will debug that. Currently I am slightly busy, I shall look into it as soon as I get some bandwidth.

On Thu, Oct 22, 2015 at 8:39 AM, benedict-beuscher <notifications@github.com> wrote:

> I checked this a lot, now I'm sure it is a bug. This is what I did: got a clean copy of the up-to-date repo. Set up a new virtual env. Deleted static/vault.db. Then:
>
> ```
> ~/NoCrack$ ./honey_client -addpass aaaaaa google.com mypassword
> -> ... [answer-message] OK
> ~/NoCrack$ ./honey_client -getpass aaaaaa google.com
> -> "google.com": "mypassword"
> ~/NoCrack$ ./honey_client -addpass aaaaaa facebook.com mylove
> -> ... [answer-message] OK
> ~/NoCrack$ ./honey_client -getpass aaaaaa facebook.com
> -> "facebook.com": "mylife" //error no1
> ~/NoCrack$ ./honey_client -addpass aaaaaa yahoo.com cutie1
> -> ... [answer-message] OK
> ~/NoCrack$ ./honey_client -getpass aaaaaa yahoo.com
> -> "yahoo.com": "mitch1" //error no2
> ~/NoCrack$ ./honey_client -getpass aaaaaa google.com //check the first again
> -> "google.com": "myiloveyou" //WTF?
> ```
>
> I tried this over and over again. Sometimes the first 3 or 4 passwords get stored and I can read them out correctly, but after a few more stores, a password like "iloveyou" will get changed to "ihateyou" or similar. Also, the previously stored passwords change after adding new ones.


rchatterjee commented 6 years ago

Made some fixes. And I don't see this issue any more. See this: df012547e79ac50d5ad27ac73ca441ee5fda2f2f
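The reproduction steps from the report as a repeatable check, added here as an example and not part of the nocrack code base: after every add it reads back all entries stored so far, so it flags both a wrong value on first read and an earlier entry changing after a later add. `parse_reply`, `check_roundtrip` and the two in-memory vaults are hypothetical names; the vaults are constructed stand-ins for `./honey_client` (the master password argument is omitted), and the reply shape is the one shown in the report.

```python
import re

# Reply shape copied from the report: -> "google.com": "mypassword"
REPLY = re.compile(r'"(?P<domain>[^"]+)":\s*"(?P<password>[^"]*)"')

def parse_reply(line):
    """Extract (domain, password) from a -getpass reply line."""
    m = REPLY.search(line)
    if m is None:
        raise ValueError("unrecognised reply: %r" % line)
    return m.group("domain"), m.group("password")

def check_roundtrip(addpass, getpass, entries):
    """Add entries one at a time and re-read everything stored so far.
    Returns a list of (after_adding, domain, expected, got) mismatches."""
    mismatches, stored = [], []
    for domain, password in entries:
        addpass(domain, password)
        stored.append((domain, password))
        for d, expected in stored:
            _, got = parse_reply(getpass(d))
            if got != expected:
                mismatches.append((domain, d, expected, got))
    return mismatches

class DictVault:
    """Constructed stand-in: stores passwords verbatim, so round trips hold."""
    def __init__(self):
        self.db = {}
    def addpass(self, domain, password):
        self.db[domain] = password
    def getpass(self, domain):
        return '-> "%s": "%s"' % (domain, self.db[domain])

class DriftingVault(DictVault):
    """Constructed stand-in that models only the reported symptom (not its
    cause): every add perturbs the entries that were already stored."""
    def addpass(self, domain, password):
        for d, old in self.db.items():
            self.db[d] = old[1:] + old[:1]  # rotate by one character
        super().addpass(domain, password)

# Same domains and passwords as in the report.
ENTRIES = [("google.com", "mypassword"), ("facebook.com", "mylove"),
           ("yahoo.com", "cutie1")]

def run(vault):
    return check_roundtrip(vault.addpass, vault.getpass, ENTRIES)

if __name__ == "__main__":
    for v in (DictVault(), DriftingVault()):
        print(type(v).__name__, run(v))
```

To run it against a real vault, replace the stand-ins with callables that invoke `./honey_client -addpass` and `-getpass` and return the reply line.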