lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Feb 2010 17:12:26 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: T Biehn <tbiehn@...il.com>
Cc: "McGhee, Eddie" <Eddie.McGhee@....com>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Subject: Re: anybody know good service for cracking md5?

Or just immature on these issues...






On Thu, Feb 4, 2010 at 5:10 PM, T Biehn <tbiehn@...il.com> wrote:
> Rainbowcrack-Online was doing precomp dictionary attacks in conjunct
> with rainbowtables in 2k5.
> The hype spike for RC tables was back in 2k4.
>
> You're off by 5 years Christian.
>
> -Travis
>
> On Thu, Feb 4, 2010 at 7:21 AM, McGhee, Eddie <Eddie.McGhee@....com> wrote:
>> Are you serious? People have been using rainbow tables for years mate.. and
>> they are rather widely used.. no need to replace useful with anything, the
>> statement was plain wrong..
>> ________________________________
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Christian
>> Sciberras
>> Sent: 04 February 2010 12:06
>> To: Anders Klixbull
>> Cc: full-disclosure@...ts.grok.org.uk; Valdis.Kletnieks@...edu
>> Subject: Re: [Full-disclosure] anybody know good service for cracking md5?
>>
>> FINE. Replace "useful" with "widely popular".
>>
>>
>>
>>
>> On Thu, Feb 4, 2010 at 1:04 PM, Anders Klixbull <akl@...erian.dk> wrote:
>>>
>>> lol they have been useful for years son
>>> just because YOU never found a use for them doesn't mean noone else has :)
>>>
>>>
>>> ________________________________
>>> From: Christian Sciberras [mailto:uuf6429@...il.com]
>>> Sent: 4. februar 2010 13:00
>>> To: Anders Klixbull
>>> Cc: Valdis.Kletnieks@...edu; full-disclosure@...ts.grok.org.uk
>>> Subject: Re: [Full-disclosure] anybody know good service for cracking md5?
>>>
>>> Uh, in the sense that they are finally becoming actually useful...
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull <akl@...erian.dk> wrote:
>>>>
>>>> seems to be cropping in?
>>>> as far as know rainbow tables has been around for years...
>>>>
>>>>
>>>> ________________________________
>>>> From: full-disclosure-bounces@...ts.grok.org.uk
>>>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Christian
>>>> Sciberras
>>>> Sent: 3. februar 2010 23:02
>>>> To: Valdis.Kletnieks@...edu
>>>> Cc: full-disclosure@...ts.grok.org.uk
>>>> Subject: Re: [Full-disclosure] anybody know good service for cracking
>>>> md5?
>>>>
>>>> Actually dictionary attacks seem to work quite well, especially for
>>>> common users which typically use dictionary and/or well known passwords
>>>> (such as the infamous "password").
>>>> Another idea which seems to be cropping in, is the use of hash tables
>>>> with a list of known passwords rather then dictionary approach.
>>>> Personally, the hash table one is quite successful, consider that it
>>>> targets password groups rather than a load of wild guesses.
>>>>
>>>> Cheers.
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Feb 3, 2010 at 10:26 PM, <Valdis.Kletnieks@...edu> wrote:
>>>>>
>>>>> On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:
>>>>>
>>>>> > i find some sites which says that they can brute md5 hashes and WPA
>>>>> > dumps
>>>>> > for 1 or 2 days.
>>>>>
>>>>> Given enough hardware and a specified md5 hash, one could at least
>>>>> hypothetically find an input text that generated that hash.  However,
>>>>> that
>>>>> may or may not be as useful as one thinks, as you wouldn't have control
>>>>> over
>>>>> what the text actually *was*.  It would suck if you were trying to crack
>>>>> a password, and got the one that was only 14 binary bytes long rather
>>>>> than
>>>>> the one that was 45 printable characters long. ;)
>>>>>
>>>>> Having said that, it would take one heck of a botnet to brute-force an
>>>>> MD5 has
>>>>> in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5
>>>>> would
>>>>> take on the order of 10**22 years.  If all 140 million zombied computers
>>>>> on the
>>>>> internet were trying 1 billion keys per second, that drops it down to
>>>>> 10**16
>>>>> years or so - or about 10,000 times the universe has been around
>>>>> already.
>>>>>
>>>>> I suspect they're actually doing a dictionary attack, which has a good
>>>>> chance
>>>>> of succeeding in a day or two.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ