Domain: pwcrack.com
Stories and comments across the archive that link to pwcrack.com.
Comments · 7
-
Re:Just received this from Yahoo! yesterday
Your search - 36a7d045d7b15123b79602889074cb16 - did not match any documents.
Not anymore.
That said, my search - 2ab96390c7dbe3439de74d0c9b0b1767 - did match some pertinent documents.
And <wild guess>you might have accidentally digested a trailing newline from echo(1) along with your data.</wild guess>That said, googling the hash is the lazy approach. If you're serious about it, download a rainbow table. Every 8-letter combination of printable ASCII chars in there, fits on a 2TB disk (stored as a plain key-value lookup table, that's 156878 TB worth of data).
I'd say Joe Luser rarely picks passwords longer than 8 chars. And I don't suppose you're going to tell me that yahoo bothered to salt their md5 hashes...
So overall you can consider the vast majority of those passwords to be compromised. Naturally, they'll find their way into much smaller, real-world-passwords lookup tables...
-
Re:Just received this from Yahoo! yesterday
Your search - 36a7d045d7b15123b79602889074cb16 - did not match any documents.
Not anymore.
That said, my search - 2ab96390c7dbe3439de74d0c9b0b1767 - did match some pertinent documents.
And <wild guess>you might have accidentally digested a trailing newline from echo(1) along with your data.</wild guess>That said, googling the hash is the lazy approach. If you're serious about it, download a rainbow table. Every 8-letter combination of printable ASCII chars in there, fits on a 2TB disk (stored as a plain key-value lookup table, that's 156878 TB worth of data).
I'd say Joe Luser rarely picks passwords longer than 8 chars. And I don't suppose you're going to tell me that yahoo bothered to salt their md5 hashes...
So overall you can consider the vast majority of those passwords to be compromised. Naturally, they'll find their way into much smaller, real-world-passwords lookup tables...
-
Re:Just received this from Yahoo! yesterday
Your search - 36a7d045d7b15123b79602889074cb16 - did not match any documents.
Not anymore.
That said, my search - 2ab96390c7dbe3439de74d0c9b0b1767 - did match some pertinent documents.
And <wild guess>you might have accidentally digested a trailing newline from echo(1) along with your data.</wild guess>That said, googling the hash is the lazy approach. If you're serious about it, download a rainbow table. Every 8-letter combination of printable ASCII chars in there, fits on a 2TB disk (stored as a plain key-value lookup table, that's 156878 TB worth of data).
I'd say Joe Luser rarely picks passwords longer than 8 chars. And I don't suppose you're going to tell me that yahoo bothered to salt their md5 hashes...
So overall you can consider the vast majority of those passwords to be compromised. Naturally, they'll find their way into much smaller, real-world-passwords lookup tables...
-
Re:Just received this from Yahoo! yesterday
Your search - 36a7d045d7b15123b79602889074cb16 - did not match any documents.
Not anymore.
That said, my search - 2ab96390c7dbe3439de74d0c9b0b1767 - did match some pertinent documents.
And <wild guess>you might have accidentally digested a trailing newline from echo(1) along with your data.</wild guess>That said, googling the hash is the lazy approach. If you're serious about it, download a rainbow table. Every 8-letter combination of printable ASCII chars in there, fits on a 2TB disk (stored as a plain key-value lookup table, that's 156878 TB worth of data).
I'd say Joe Luser rarely picks passwords longer than 8 chars. And I don't suppose you're going to tell me that yahoo bothered to salt their md5 hashes...
So overall you can consider the vast majority of those passwords to be compromised. Naturally, they'll find their way into much smaller, real-world-passwords lookup tables...
-
dBase Password Recovery toolThere is at least one tool to recover a lost dBase password.$99.
Or a $75 service. Password Crackers Inc.
-
Re:Physical Security
Yes, you're right. Sometimes you can even use a backdoor password. I remember that password AMI worked for every AmiBIOS some time ago (extremely stupid idea, once someone knows such a password, every system can be compromised). There's a lot of interesting articles on the Web about cracking BIOS passwords:
- HOW TO BYPASS BIOS PASSWORDS by Elf Qrin
- How to Bypass BIOS Passwords by LabMice.net
- BIOS Password Recovery by Password Crackers, Inc.
A Google search for BIOS Passwords gives quite a few hits. Putting your floppy into the drive is the fastest and easiest thing you can do if you have physical access, but it's not the only issue. No one should ever be allowed to be near the important servers, except people responsible for the security.
Somehow off-topic, but speaking about security, I have to recommend one of the best texts about security (mostly about secure programming) I've ever read: Secure Programming for Linux and Unix HOWTO by David A. Wheeler. Great read. And speaking about passwords, it's good to read great publications of Alec Muffett, the author of the famous crack(1) and CrackLib:
- Security FAQ
- Proper Care and Feeding of Firewalls
- WAN-Hacking with AutoHack (plus slides)
- How To Build Your Own Network Intrusion Kit (readme)
- Programming Holes that will hose your System Security
- Crack FAQ
- CrackLib README
- Crack Humour
It's maybe not very on-topic when speaking about physical security, but it's very important to understand the security as a whole.
-
Microsoft cares about security!
I had an Excel spreadsheet and was going to put passwords in it, because Microsoft has "strong security" features such as encrypted Excel files. Good thing I did a Google search on the topic first:
> We search for the encryption key that Excel® used to encrypt the spreadsheet. There are many fewer keys than possible passwords, hence we are able to search all of the possible keys in 7 to 10 days.
I found several services offering 100% guarantee to decrypt an encrypted Excel or Word file in under two weeks.
Thanks Microsoft.