12-23-2012, 09:41 PM
first, we crack hashes, not encryption.
second, an attacker wouldn't have to crack the passwords. they would simply run all of the passwords in your database back through your function with your key, and instantly decrypt all of them at once. there's a reason we hash passwords instead of encrypting passwords, and that's because encrypting passwords is a very bad idea. if an attacker can access your password database, they almost always can also view the function and keys you used to encrypt the passwords. encryption does not provide any real protection, and that's why everyone hashes passwords instead of encrypting them.
third, you used ecb mode instead of cbc mode. never use ecb mode, n00b.
fourth, why blowfish? why not rijndael, serpent, or twofish?
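The contrast the post draws between encrypting and hashing stored passwords, as an added example that is not part of the original post. `toy_encrypt`/`toy_decrypt` are a hypothetical stand-in for any deterministic keyed encryption (not a real cipher), and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumed choice of password hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware
SALT_LEN = 16


def toy_encrypt(password: str, key: bytes) -> bytes:
    """Toy stand-in for deterministic keyed encryption (ECB-like): same input, same output."""
    data = password.encode()
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def toy_decrypt(blob: bytes, key: bytes) -> str:
    """Anyone holding the key reverses every stored record."""
    stream = hashlib.shake_256(key).digest(len(blob))
    return bytes(a ^ b for a, b in zip(blob, stream)).decode()


def hash_password(password: str) -> bytes:
    """Return salt || PBKDF2(password, salt). There is no key that reverses this."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    a, b = toy_encrypt("hunter2", key), toy_encrypt("hunter2", key)
    print("encrypted records equal for equal passwords:", a == b)
    print("recovered with key:", toy_decrypt(a, key))
    r1, r2 = hash_password("hunter2"), hash_password("hunter2")
    print("hashed records equal for equal passwords:", r1 == r2)
    print("verify correct / wrong:", verify_password("hunter2", r1),
          verify_password("hunter3", r1))
```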