lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Feb 2010 11:10:43 -0500
From: T Biehn <tbiehn@...il.com>
To: "McGhee, Eddie" <Eddie.McGhee@....com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Subject: Re: anybody know good service for cracking md5?

Rainbowcrack-Online was doing precomp dictionary attacks in conjunct
with rainbowtables in 2k5.
The hype spike for RC tables was back in 2k4.

You're off by 5 years Christian.

-Travis

On Thu, Feb 4, 2010 at 7:21 AM, McGhee, Eddie <Eddie.McGhee@....com> wrote:
> Are you serious? People have been using rainbow tables for years mate.. and
> they are rather widely used.. no need to replace useful with anything, the
> statement was plain wrong..
> ________________________________
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Christian
> Sciberras
> Sent: 04 February 2010 12:06
> To: Anders Klixbull
> Cc: full-disclosure@...ts.grok.org.uk; Valdis.Kletnieks@...edu
> Subject: Re: [Full-disclosure] anybody know good service for cracking md5?
>
> FINE. Replace "useful" with "widely popular".
>
>
>
>
> On Thu, Feb 4, 2010 at 1:04 PM, Anders Klixbull <akl@...erian.dk> wrote:
>>
>> lol they have been useful for years son
>> just because YOU never found a use for them doesn't mean noone else has :)
>>
>>
>> ________________________________
>> From: Christian Sciberras [mailto:uuf6429@...il.com]
>> Sent: 4. februar 2010 13:00
>> To: Anders Klixbull
>> Cc: Valdis.Kletnieks@...edu; full-disclosure@...ts.grok.org.uk
>> Subject: Re: [Full-disclosure] anybody know good service for cracking md5?
>>
>> Uh, in the sense that they are finally becoming actually useful...
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull <akl@...erian.dk> wrote:
>>>
>>> seems to be cropping in?
>>> as far as know rainbow tables has been around for years...
>>>
>>>
>>> ________________________________
>>> From: full-disclosure-bounces@...ts.grok.org.uk
>>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Christian
>>> Sciberras
>>> Sent: 3. februar 2010 23:02
>>> To: Valdis.Kletnieks@...edu
>>> Cc: full-disclosure@...ts.grok.org.uk
>>> Subject: Re: [Full-disclosure] anybody know good service for cracking
>>> md5?
>>>
>>> Actually dictionary attacks seem to work quite well, especially for
>>> common users which typically use dictionary and/or well known passwords
>>> (such as the infamous "password").
>>> Another idea which seems to be cropping in, is the use of hash tables
>>> with a list of known passwords rather then dictionary approach.
>>> Personally, the hash table one is quite successful, consider that it
>>> targets password groups rather than a load of wild guesses.
>>>
>>> Cheers.
>>>
>>>
>>>
>>>
>>> On Wed, Feb 3, 2010 at 10:26 PM, <Valdis.Kletnieks@...edu> wrote:
>>>>
>>>> On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:
>>>>
>>>> > i find some sites which says that they can brute md5 hashes and WPA
>>>> > dumps
>>>> > for 1 or 2 days.
>>>>
>>>> Given enough hardware and a specified md5 hash, one could at least
>>>> hypothetically find an input text that generated that hash.  However,
>>>> that
>>>> may or may not be as useful as one thinks, as you wouldn't have control
>>>> over
>>>> what the text actually *was*.  It would suck if you were trying to crack
>>>> a password, and got the one that was only 14 binary bytes long rather
>>>> than
>>>> the one that was 45 printable characters long. ;)
>>>>
>>>> Having said that, it would take one heck of a botnet to brute-force an
>>>> MD5 has
>>>> in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5
>>>> would
>>>> take on the order of 10**22 years.  If all 140 million zombied computers
>>>> on the
>>>> internet were trying 1 billion keys per second, that drops it down to
>>>> 10**16
>>>> years or so - or about 10,000 times the universe has been around
>>>> already.
>>>>
>>>> I suspect they're actually doing a dictionary attack, which has a good
>>>> chance
>>>> of succeeding in a day or two.
>>>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ