[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MD5 hash cracking service

To: "Gregory A. Gilliss" <ggilliss@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] MD5 hash cracking service
From: Dave King <dave@xxxxxxxxxxxxx>
Date: Fri, 02 Jul 2004 01:01:38 -0600

It's true that MD5 hashes are one way. This simply means you can't do math on them and get back to what you started with, as you can with encryption. Basically what this site does is make a huge sorted list of MD5 hashes. It can then quickly search through them and find your hash. Since the same plaintext always makes the same MD5 hash, then you've got your plaintext. It's bascially a memory vs. time tradeoff.

I agree with you about potential problems publically posting stuff to be cracked, be leary. 150 hashes a day is pretty fast though. . .

Dave King
www.thesecure.net

Gregory A. Gilliss wrote:

Interesting, since MD5 hashes are supposed to be "one way", are they not?

I've often discussed setting up an "online cracking service" (think Alex Moffet's crack seriously networked a la Beowulf with a Web interface). Aside from the technical challenges of setting up and maintaining such a project, the obvious issue, from a security perspective, would be trust. For example, if I know that Alice connected from 12.3.4.5 and supplied a hash/password, and I retained the unencrypted hash/password, would I not now (potentially) have access to "something" (maybe accessible, maybe privileged, maybe not) at 12.3.4.5?

Still, bravo to you for setting it up :-)

G

On or about 2004.07.01 19:03:33 +0000, md5er (info@xxxxxxxxxxxxxxxx) said:

I've set up a quick website and system to crack md5 hashes online using Rainbow tables. The project is using RainbowCrack and currently ~47 Gb of tables. At the moment it can crack hashes of lowercase letters and/or numbers up to 8 characters long.

The cracking service is free

If you are interested you can check out the site here: http://passcracking.com

Regards,

staff

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MD5 hash cracking service
  - From: Kurt Seifried

References:
- [Full-Disclosure] MD5 hash cracking service
  - From: md5er
- Re: [Full-Disclosure] MD5 hash cracking service
  - From: Gregory A. Gilliss

Prev by Date: [Full-Disclosure] XSS in SCI Photo Chat Server 3.4.9
Next by Date: Re: [Full-Disclosure] software burning cpu or mobo ?
Previous by thread: Re: [Full-Disclosure] MD5 hash cracking service
Next by thread: Re: [Full-Disclosure] MD5 hash cracking service
Index(es):
- Date
- Thread