| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ggilliss at netpublishing.com (Gregory A. Gilliss) Subject: MD5 hash cracking service Interesting, since MD5 hashes are supposed to be "one way", are they not? I've often discussed setting up an "online cracking service" (think Alex Moffet's crack seriously networked a la Beowulf with a Web interface). Aside from the technical challenges of setting up and maintaining such a project, the obvious issue, from a security perspective, would be trust. For example, if I know that Alice connected from 12.3.4.5 and supplied a hash/password, and I retained the unencrypted hash/password, would I not now (potentially) have access to "something" (maybe accessible, maybe privileged, maybe not) at 12.3.4.5? Still, bravo to you for setting it up :-) G On or about 2004.07.01 19:03:33 +0000, md5er (info@...scracking.com) said: > I've set up a quick website and system to crack md5 hashes online using Rainbow tables. The project is using RainbowCrack and currently ~47 Gb of tables. At the moment it can crack hashes of lowercase letters and/or numbers up to 8 characters long. > > The cracking service is free > > If you are interested you can check out the site here: http://passcracking.com > > > > Regards, > > staff > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- Gregory A. Gilliss, CISSP E-mail: greg@...liss.com Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
Powered by blists - more mailing lists