lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <282134E75BDEB64E943CAF38C80BDD8A0380E817@PRO-EXCHANGESRV.experian.dk>
Date: Thu, 4 Feb 2010 13:04:56 +0100
From: "Anders Klixbull" <akl@...erian.dk>
To: "Christian Sciberras" <uuf6429@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: anybody know good service for cracking md5?

lol they have been useful for years son
just because YOU never found a use for them doesn't mean noone else has
:)
 
 

________________________________

From: Christian Sciberras [mailto:uuf6429@...il.com] 
Sent: 4. februar 2010 13:00
To: Anders Klixbull
Cc: Valdis.Kletnieks@...edu; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] anybody know good service for cracking
md5?


Uh, in the sense that they are finally becoming actually useful...






On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull <akl@...erian.dk>
wrote:


	seems to be cropping in?
	as far as know rainbow tables has been around for years...
	 
	
	 

________________________________

	From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
Christian Sciberras
	Sent: 3. februar 2010 23:02
	To: Valdis.Kletnieks@...edu
	Cc: full-disclosure@...ts.grok.org.uk
	Subject: Re: [Full-disclosure] anybody know good service for
cracking md5?
	
	
	Actually dictionary attacks seem to work quite well, especially
for common users which typically use dictionary and/or well known
passwords (such as the infamous "password").
	Another idea which seems to be cropping in, is the use of hash
tables with a list of known passwords rather then dictionary approach.
	Personally, the hash table one is quite successful, consider
that it targets password groups rather than a load of wild guesses.
	
	Cheers.
	
	
	
	
	
	On Wed, Feb 3, 2010 at 10:26 PM, <Valdis.Kletnieks@...edu>
wrote:
	

		On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:
		
		> i find some sites which says that they can brute md5
hashes and WPA dumps
		> for 1 or 2 days.
		
		
		Given enough hardware and a specified md5 hash, one
could at least
		hypothetically find an input text that generated that
hash.  However, that
		may or may not be as useful as one thinks, as you
wouldn't have control over
		what the text actually *was*.  It would suck if you were
trying to crack
		a password, and got the one that was only 14 binary
bytes long rather than
		the one that was 45 printable characters long. ;)
		
		Having said that, it would take one heck of a botnet to
brute-force an MD5 has
		in 1 or 2 days. Given 1 billion keys/second, a true
brute force of MD5 would
		take on the order of 10**22 years.  If all 140 million
zombied computers on the
		internet were trying 1 billion keys per second, that
drops it down to 10**16
		years or so - or about 10,000 times the universe has
been around already.
		
		I suspect they're actually doing a dictionary attack,
which has a good chance
		of succeeding in a day or two.
		
		
		_______________________________________________
		Full-Disclosure - We believe in it.
		Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
		Hosted and sponsored by Secunia - http://secunia.com/
		




Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ