'Passwordle' that reveals the hidden password in Wordle format has appeared, and it is a level that only a hacker of Gachi can decrypt it



Wordle , a word game that guesses the hidden five-letter English words that became a hugely popular game all over the world and was acquired by the New York Times, has become a Japanese version and a battle royale-style battle type. We have created a variety of similar games, including improved versions , Pokemon-specific and Kanji-specific . Meanwhile, ' Passwordle ' has appeared, which makes you feel as if you were a hacker by 'analyzing hidden passwords'.

rsk0315.github.io/playground/passwordle.html
https://rsk0315.github.io/playground/passwordle.html



It's easy to play, just enter alphanumericals in the text box. Since there are no hints and even the number of characters in the password is unknown, I tried entering a list of completely randomly entered characters ...



A hint appeared at the bottom of the screen as shown below. This is an output of the entered character list as a hash value using SHA-256 , a cryptographic hash function developed by the National Security Agency (NSA), an intelligence agency of the US government. The output hash value is color-coded in gray, yellow, and green, and like the original Wordle, 'value not included in the hash value of the correct password' is gray, and 'the position of what is included in the hash value of the correct password'. It seems that 'values that are different' are displayed in yellow, and 'values that are included in the hash value of the correct password and the position is also correct' are displayed in green.



In the first place, SHA-256 is a hash function that outputs a fixed length value (hash value) from the original text of any length (in this case, the estimated value of the password entered by the user). You can always get the same value from the same source text, but you can get completely different values from even slightly different source text. Therefore, for example, even if you enter serial numbers, you can get completely different hash values, and even if you are an amateur, you can not understand what is a hint and what is not a hint.



On the overseas bulletin board Hacker News , 'It's a very niche game that few people will send it and make you laugh. I laughed a lot, 'said a user who confessed that the game was too niche but stabbed me, and' I know the algorithm is SHA-256, but the problem is that the length of the answer password is unknown. It may be as many as the number of hydrogen atoms in the universe, or it may be about 12 characters. You will need to launch a niche attack or find a feasible solution. ' There were also voices making proposals for logically clarifying passwords.

Furthermore, 'I think it is very fair to check the source of the hash value generation algorithm adopted by Passwordle. When I checked the source of the algorithm, the answer password is 14 characters, a random alphabet. It was now generated with (72.8%), numbers (8%), and punctuation (19.2%), 'says some users who analyzed the source and found that the password was 14 characters. However, the same user wrote that the number of passwords that can be generated by these rules is too huge (about 420 jo : 'jo' is 1 trillion squared), so 'that is, there is not much chance of winning ...' I had given up on password analysis.

Related Posts:

in Review,   Web Service,   Game,   Security, Posted by logu_ii