Comments on: Caution: Online MD5 Cracker Tool

By: najeed006

najeed006 — Thu, 02 Jul 2009 03:08:56 +0000

[md5.rednoize.com]

By: najeed006

najeed006 — Thu, 02 Jul 2009 03:08:34 +0000

b041837512536fcac661a3cf3c69eef2

hash not found Balaji …

By: Update Your Passwords! MD5 Cracked! « UNC Asheville Multimedia Arts/Sciences Council

Sun, 15 Feb 2009 22:53:04 +0000

[...] own personal passwords are likely made to be more memorable, and therefore are more predictable. MD5 cracking has unfortunately spread to a public forefront. The bottom line is simple, update your password to [...]

By: balaji

balaji — Sun, 27 Apr 2008 05:24:34 +0000

if i have hash the wat is password of this

b041837512536fcac661a3cf3c69eef2

By: Another Reason to Choose a Safe, Secure Password

Another Reason to Choose a Safe, Secure Password — Mon, 17 Dec 2007 15:32:24 +0000

[...] is the latest reason why you should not use easy-to-remember passwords: this MD5 cracking tool (via Cybernet News) is able to convert many encrypted passwords back into their original, plain text form. The tool is [...]

By: Mr./Ms. Days (MMDays) - ??, ??, ??, ?? » Blog Archive » ????????

Mr./Ms. Days (MMDays) - ??, ??, ??, ?? » Blog Archive » ???????? — Mon, 17 Dec 2007 07:37:03 +0000

[...] ??? Web2.0 ?????????????????????nevercool ?????????????????? MD5 ????????????????????????????? CyberNet ???????????????????????????????????????? Google ???????????????????????????????????? MD5 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????? [...]

By: leland

leland — Sun, 16 Dec 2007 05:07:17 +0000

If you follow the best practices recommended today you would have a password that is a phrase that includes upper, lower case along with numbers and punctuation. On some sites I needed a 26 character password before it thought I was adequately protected. But then considering the speed at which computers run now days and how smart the bad guys are you can never be too safe. Thanks for the interesting article.

By: f0dder

f0dder — Sat, 15 Dec 2007 20:23:48 +0000

…and now I’ll just go shoot myself and write “never post anything on teh intarweb when you’ve just woken up” a 100 times on my blackboard. Yes, obviously I just entered that fancy string on the site, and it calculated the md5sum for me – duh. Not the other way around.

So I’ll return to my previous position of “is this really using rainbow tables?”, and have a bucket of coffee.

By: f0dder

f0dder — Sat, 15 Dec 2007 20:15:33 +0000

Okay, actually played a bit with the website now and tried a few different passwords, and considering that it handles a string like “Åu*e½/§|t[a-s’ord^¨+}++98:0.2_83″ – well, I’m convinced it does use rainbow tables. And yes, I did double-check the md5 value returned, and it is correct.

I do wonder why it failed on the very simple passwords as those mentioned in the blog posting, though?

By: f0dder

f0dder — Sat, 15 Dec 2007 19:49:30 +0000

The “about” page on the md5() site doesn’t say that it uses rainbow tables, just that it has “a database of md5 hashes”. If it used rainbow tables, I can’t see why it would be able to crack an 8-letter password (”password”), but fail on a 5-letter password (”2w9ss”), when it obviously handles the character set (it does handle the (very short) “2w9″). But I might have misunderstood how rainbow tables work
.

Also, forget “A 6 letter hash containing of A-Z, a-z and 0-9 will produce an extra 56,800,235,584 permutations.”, a UNIX salt only does 4096 permutation (which is a lot of extra space, but within the realm of doable) – again, unless I’ve misunderstood something.