Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: anybody know good service for cracking md5?
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 3 Feb 2010 23:02:20 +0100

Actually dictionary attacks seem to work quite well, especially for common
users which typically use dictionary and/or well known passwords (such as
the infamous "password").
Another idea which seems to be cropping in, is the use of hash tables with a
list of known passwords rather then dictionary approach.
Personally, the hash table one is quite successful, consider that it targets
password groups rather than a load of wild guesses.

Cheers.




On Wed, Feb 3, 2010 at 10:26 PM, <Valdis.Kletnieks () vt edu> wrote:

On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:

i find some sites which says that they can brute md5 hashes and WPA dumps
for 1 or 2 days.

Given enough hardware and a specified md5 hash, one could at least
hypothetically find an input text that generated that hash.  However, that
may or may not be as useful as one thinks, as you wouldn't have control
over
what the text actually *was*.  It would suck if you were trying to crack
a password, and got the one that was only 14 binary bytes long rather than
the one that was 45 printable characters long. ;)

Having said that, it would take one heck of a botnet to brute-force an MD5
has
in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5
would
take on the order of 10**22 years.  If all 140 million zombied computers on
the
internet were trying 1 billion keys per second, that drops it down to
10**16
years or so - or about 10,000 times the universe has been around already.

I suspect they're actually doing a dictionary attack, which has a good
chance
of succeeding in a day or two.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]