Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Strong password created by hash function

  • Please log in to reply
1 reply to this topic

#1 _NG_


  • Members
  • 5 posts
  • Local time:03:27 AM

Posted 27 September 2016 - 04:21 AM

I found out a way to create a strong password that can be used, for example as a master password for any Password Manager. However I'm not sure if it is safe.

The point is that the "strong" password is created by using of any hash function which is applied for your common password.


It can be used any has function (MD5, SHA-1, etc.) and therefore the resulting "strong" password will have a different lenght.

For example:

Let's say my common password is: IHateMyJob_0916.

If we use any hash function, e.g. MD5, we get a 32-digit word with numbers and letters.


In this case the result is: 4f4472197b28b05caad416998ae3a417


We can add some special characters e.g. asterisks and then we have the resulting password which is:



The resulting password in this case has 34 characters with letters, numbers and special characters and therefore I think that

it should be a strong password. (You can check out on https://password.kaspersky.com/)


Also it is easy to remember, because you can just remember your common password.

We can quickly create it, for example by website www.md5.cz, by software HashOnClick on PC or app Hash Droid on Android OS.

Here is how to make hash using HashOnClick on Windows OS:
Create a new notepad file and put in your common password, in this case IHateMyJob_0916, save the file and use right click and select Calculate Hash Value.

I would like to know your opinion whether the created password is strong (against brute-force attack) or weak, because the hash function is applied.


Thank you so much.

BC AdBot (Login to Remove)


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • Gender:Male
  • Local time:03:27 AM

Posted 29 September 2016 - 12:16 PM

It is strong as long as nobody knows that you hash your "common password".


Otherwise it is only strong if your "common password" is also strong.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users