Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: anybody know good service for cracking md5?
From: "Anders Klixbull" <akl () experian dk>
Date: Thu, 4 Feb 2010 12:58:34 +0100

seems to be cropping in?
as far as know rainbow tables has been around for years...
 
 

________________________________

From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
Christian Sciberras
Sent: 3. februar 2010 23:02
To: Valdis.Kletnieks () vt edu
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] anybody know good service for cracking
md5?


Actually dictionary attacks seem to work quite well, especially for
common users which typically use dictionary and/or well known passwords
(such as the infamous "password").
Another idea which seems to be cropping in, is the use of hash tables
with a list of known passwords rather then dictionary approach.
Personally, the hash table one is quite successful, consider that it
targets password groups rather than a load of wild guesses.

Cheers.





On Wed, Feb 3, 2010 at 10:26 PM, <Valdis.Kletnieks () vt edu> wrote:


        On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:
        
        > i find some sites which says that they can brute md5 hashes
and WPA dumps
        > for 1 or 2 days.
        
        
        Given enough hardware and a specified md5 hash, one could at
least
        hypothetically find an input text that generated that hash.
However, that
        may or may not be as useful as one thinks, as you wouldn't have
control over
        what the text actually *was*.  It would suck if you were trying
to crack
        a password, and got the one that was only 14 binary bytes long
rather than
        the one that was 45 printable characters long. ;)
        
        Having said that, it would take one heck of a botnet to
brute-force an MD5 has
        in 1 or 2 days. Given 1 billion keys/second, a true brute force
of MD5 would
        take on the order of 10**22 years.  If all 140 million zombied
computers on the
        internet were trying 1 billion keys per second, that drops it
down to 10**16
        years or so - or about 10,000 times the universe has been around
already.
        
        I suspect they're actually doing a dictionary attack, which has
a good chance
        of succeeding in a day or two.
        
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.grok.org.uk/full-disclosure-charter.html
        Hosted and sponsored by Secunia - http://secunia.com/
        


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault