Online MD5 Cracking Service
toast writes "Did you forget your password but have your /etc/shadow? If so, this site is for you. Submit an MD5 hash and within a few days you'll have an answer. Of course, once Slashdot has its way, you'll have to wait a few years for an answer.. At least now I'll always know what f3789b3c1be47758203f9e8a4d8c6a2a means.."
..free? cuz right now it's just /.
Must-not-watch TV!
This is why we use salted, iterated hashing.
hmmmm I would never submit any shadow file, who knows what the admin of the site does with the results! Nick
All joking aside, how much do you want to bet this is the first time the slashdot effect /really/ causes a computer to catch fire due to excessive processor heat?
Objects in the blog are closer then they ap
At least now I'll always know what f3789b3c1be47758203f9e8a4d8c6a2a means..
Processing....
(Three days later)
Processing Complete: Result is 42
It would be cool if it didn't suck.
I hope they can't identify information that could link you to your password... I guess most people would change it afterwards. Also, is there a possibility of abuse by this system for cracking other people's passwords?
If you have physical access to your computer...which you should...then of course you could just do it all by hand by booting off of a CD. Why go through all this, unless it's to do something you're not supposed to be doing.
I don't know, what would this be useful for? Remote admin tasks perhaps?
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
This seems pretty irresponsible... There's not even a disclaimer or click-through license that tells you to submit only a shadow file you are authorized to manipulate. People who have legitimately lost their passwords are going to be a tiny, tiny minority of users of this site.
Just send us your:
1. SS#
2. Mother's maiden name
3. Address of the account with the forgotten password
4. ID of the account with the forgotten password
5. MD5 Hash of the forgotten password
Please send all info to The Good Samaritans c/o Nigerian Embassy.
Of course, If it builds a database of results and checks this cache before attempting the hash directly..... Quite scary, really.... Like building an automatic database of common passwords and their hashes.....
There are already md5 cracking utilities out there that are extremely fast. It'd probably be faster to brute force the hash on your own machine, really.
Now, distributed md5 cracking would be quite interesting.
What is /etc/shadow?
.. At least now I'll always know what f3789b3c1be47758203f9e8a4d8c6a2a means.
You'll have to keep wondering! While MD5 isn't secure, any non-original byte sequence that produces the same MD5 is likely to be garbage. Hence an executable file with a specific MD5 value either is the original or garbage that won't run. In this sense it's reasonably secure... However, for the RIAA and others, garbage might just be what they need. Thankfully, LimeWire and other P2P apps have been using SHA-1 for a while now, which doesn't have the same vulnerability.
So at my current job, where the guys at the datacenter that "manage" our boxes once a month copy /etc/passwd and /etc/shadow into /tmp to edit them automatically (to maintain their list of 160 people at the datacenter that have root access to our production boxes.. y'know, the guy that runs cables, the guy that sweeps the floors, etc...), and then makes the *world readable* in /tmp, just for shits and grins....
Luckily I've been pushing to remove any users from our box other than those of us with root.. but still have a ways to go. Hey, now all those developers can grab our shadow file and get root access... online, quick and easy!
FreeBSD/DragonFly and OpenBSD can use blowfish to encrypt passwords, and it's what I personally use whenever I use any of them.
MD5's security has been in question for some time, so quite a while ago I decided that it was a good time to move on to something new and improved.
Perhaps it's time that Linux allowed you to do the same, or failing that, perhaps it's time that you yourselves moved on to something "new and improved" and make the switch to one of the more security focused operating systems that I've listed above.
Soon that one MD5 sum will outnumber all others submitted by a vast majority...
I'm so glad you brought the word "goatse" to my vocabulary! I really enjoyed finding out what it refers to! Too bad that goatse.cx doesn't exist any more!
;-)
(VERY NOT!)
Does anyone know if/how this will affect Debian's package security (which uses MD5)? Is SHA-1 equally vulnerable, ruling it out as a replacement?
is what this is. MD5 is not a reversible algorithm. There is no way, even in principle, to go from a hashed result to retrieve the input. An infinite number of letter/number combinations could be used to produce any given MD5 hash. At best, they could come up with a combination that produces the same hash as the one given to them, but that does not mean it is the right answer. And they have virtually no chance of cracking a hash made from a well-selected password.
"At the moment we can crack md5 hashes in this character range: a-z;0-9 [8] which means we can break almost all hashes (99.56%) which are created from lowercase plaintext with letters and/or digits up to length of 8 characters." (Emphasis mine)
If your password is under 8 characters and contains only lowercase letters and digits, you deserve to be cracked.
If you use a proper password, then you have nothing to fear from this "service"
I love how like 50 /.'ers so far have added their own f3789b3c1be47758203f9e8a4d8c6a2a to the processing queue. I can't believe y'all weren't smart enough to just check their logs. Obviously whoever wrote the comment already checked it.
Oh and if you're too lazy to do that; from their page:
73994908 f3789b3c1be47758203f9e8a4d8c6a2a goatse hex:676f61747365
While I'm *cough* sure that this site has good intentions, the best thing to do if you lose your password is
1) Get the admin to change it for you.
or, if you've lost the root password
2) Boot through some external method (generally from CD or network) and change your password that way.
Admins should keep the shadow file safe from malicious access, but this is giving it to a 3rd party... bad juju.
If you RTFA, it says that it will only hack the following passwords:
a-z;0-9 [8]
This just seems sorta pointless. Many people are complaining about you getting a password for someone else's stuff -- but if they put a capital letter, or any sort of special character, they're safe from this attack. Is there a reason that they didn't add capital letters into the algorithm?
I think my principles are reachin' an all time low
A quick check of hashes pending results shows that not only will you know, but also the 52 dronelike /.ers who submitted the same hash.
Tip: Change your password.
http://bsdvault.net/sections.php?op=viewarticle&ar tid=89
So, what they are saying is that they can tell me my password if I give them my /etc/shadow. However, that file can't be read, opened, et cetera, unless you are root. So if I had my root password, I could change my user's password anyway... or make a new user and copy all my ~ files over.
If I didn't have my root password, but had my user with sudo, I could fix it. Or I could reboot into single user mode.
All things which can be done for FREE and without fear of the decrypted password file out in la-la-land with a bunch of h4x0rz? And this fall Fox is going to have a new reality TV show entitled "Orthodontic Surgery, The Final Frontier" where people get root canals for laughs.
The More Laws, the less Justice --Marcus Tullius Cicero
This project is using RainbowCrack technology
Heading on over to the RainbowCrack page, we find (at the bottom):
Contact Information
Zhu Shuanglei shuanglei[at]hotmail.com
Member of Kingnet Security, Inc.
Shanghai, China
You can use blowfish to encrypt passwords under linux.
In fact in some distros such as suse, it is as simple as launching YAST and selecting blowfish from the security settings dialog.
I shouldn't feed the trolls, I know.
Now go find the question.
Isn't this one of the biggest reasons why Windows security is in such a sorry state?
On the next to the last page, (currently 35) the ID jumps from 52 to 40308344, then after some obviously bogus passwords jumps again to 73993649.
I suppose this was during their testing phase, but who knows. It seems that a comprehensive database of real md5 hash / plaintext combos could be a very powerful thing (assuming these were honest-to-goodness actually used passwords).
StrategyTalk.com, PC Game Forums
because Visual Basic isn't case sensitive?
The More Laws, the less Justice --Marcus Tullius Cicero
All this talk about Hash is making hungry for brownies.
-+-=-+-=-+-=-+-=-+-=-+ *** http://www.mountainfort.com *** +-=-+-=-+-=-+-=-+-=-+-
They forgot to add a comment field to say what originating server the MD5 hash was taken from .... um .... so you'll recognize your own result right away.
A click-through license is not a binding contract. In fact, it is absolutely nothing, legally. Yes, EULA's are worthless pieces of text as well, and shown unenforceable in court.
Just so that its clear, they haven't broken MD5 in the cryptographic sense; they're merely using the fact that the 8 character password space is small enough if you are restricted to lowercase alphabets and numbers (about 3*10^12) to run the whole thing through a brute force search. The nice thing is that they precompute all the plaintext-ciphertext pairs, which means that the actual cracking step is simply a lookup. Lookup can be greatly speeded up if you're looking up lots of things at once, so the /. effect is a very good thing for them, throughput-wise :-)
is that an unscrupulous sysadmin, in fact anyone who can gain rdonly access to the shadow passwd file, can covertly gather gobs of passwords for later use.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
What happens if there's a salt involved? It looks like this only accounts for simple MD5 hashes, which is considered a very weak method of saving passwords.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Why not just use the method that crypt() uses, and use a salt? It's not terribly difficult to implement, and it would mean their database would need to be roughly 3,800 times as big as it is now ( assuming [a-zA-Z0-9]{2} ) Since they have 47.6 GB of lookup tables now, adding a salt would mean the resulting database would be over 180 terabytes.
Not to mention adding in special chars and uppercase letters, which would increase the database by 600 fold, assuming it's linear...
but I can't quite understand what so seperates this from a normal brute force cracker. It seems like it just stores the different possible values for the hash and plaintext combos in a text file, for quicker access? Maybe not? Anyone care to explain?
Before you mod me funny, think, perhaps I was insightfully funny?
If it's a production server that you can't afford to even reboot, maybe you shouldn't be giving the root password to some random website. Just a thought.
Personally, I think it would be better if they released an app that does this. Making you post it to the website just screams "harvester!"
And the l33t shall inherit the 34r7h.
Step 1: Create a service that does something which needs a password hash
Step 2: Get a bunch of bored slashdotters to post their password hashes, and log their IPs
Step 3: Crack the hashes, keep the passwords
Step 4: h4xx0r!
And the l33t shall inherit the 34r7h.
At least now I'll always know what f3789b3c1be47758203f9e8a4d8c6a2a means.."
Damn!!! They cracked my password already. Better go and change it.
Sorry, but this is nothing more than a "Oh cool." to me. It has no value to me as an admin. I lost my root pw, or my user passwords? I have physical access to the machine, I just reboot single user, and boom, I'm in.
I purchase old computers all the time (where old is relative of course) often with passworded logins, or -always- the owner forgot the root password. Every OS I've come across has had a way to get past the password protection -IF YOU HAVE PHYSICAL ACCESS-
Now if you lose your login on your unix machine that you have remote access to only, contact whoever hosts it, have -them- break it open for you. If they don't know how... question their admin-fu.
A short range MD5 cracker. Neat tho, but nothing more than brute force no?
You have access to the shadow file, but you can't remember your password, so what do you do?
Submit the hashes over the internet of course!!
What the hell were these people thinking? If you have access to the shadow file, then you have root access, and you can just passwd a different password. Root doesn't have to supply the current password.
Worst case scenario, just cut out the hash and it'll be a blank password until you reset it. And if you really need that password, odds are that the others in there would be a nice bonus too, in which case there's plenty of other tools available.
Seems if they're going to get pounded, then maybe they ought to do this in groups. Since the whole thing appears to be done via a table lookup, wouldn't it make sense to wait until you have, say, 10 that are nearby in the table and then do all 10 at once instead of restarting the search for each one. I would imagine their throughput could go up significantly if they did this.
Of course, I don't know enough about how the whole thing works. Maybe I'm completely off base. I'm sure they weren't counting on getting slashdotted either.
Well, 36 ^ 8 = 2,821,109,907,456. How long does it take to compute an MD5 Sum?
More to the point, consider "cracking" passwords in this manner:
The NSA has been reported to have ACRES of computer space; their own chip fab and some of the fastest computers in the world.
What if, decades ago, they just dedicated banks of systems to cracking all possible passwords hashed with crypt. Then, a few years later, did the same thing with MD5, SHA-1, and Blowfish -- as each became available.
They store all this stuff in a table, and now getting passwords to most systems is nothing more than a quick table lookup.
Yes, I know the math. However, add in a bit of psychology and statistics.
Most people don't use characters you can't type on a keyboard for a password. VERY few do ALT-nnn or something like that. Most are going to be pure alpha, or alphanumeric. Some will contain special characters.
Meaning, you don't have to exhaust the entire 8-bit character space to get the vast majority of what you're looking for.
Is it really a surprise that something like this is starting to be possible on consumer systems?
Heck, imagine a beowulf cluster dedicated to this...
Learning HOW to think is more important than learning WHAT to think.
It is a time-memory tradeoff. They come up with a "reduction function" R, which maps hashes into keys. It is not a reversal of the md5 algorithm, it just generates some key based on the hash. Then they create sequences of hash, key, hash, key, hash, key... with each key being the reduction function applied to the previous hash, and each hash being the hash function applied to the previous key. They stop their sequences when they reach "distinguished values," which may e.g. have 0's for the first 12 bits. Then they store the start and endpoints of the sequence.
So now they have a list of start and endpoints for these chains of hashes and keys. To crack a hash, they apply the same process to it - reduction function, hash, reduction function, hash, until they reach a value that is in their table of endpoints. Then they begin at the startpoint associated with that endpoint, and regenerate the sequence up to the hash they're trying to crack. Since the key directly before that hash hashes to that hash, they've successfully cracked the hash.
The "rainbow" refers to the recent innovation of using a different reduction function for each step of the sequence, i.e. using R1 on the first hash, R2 on the second, etc. This means that, even if two sequences contain the same hash, they probably won't be exactly the same after that - a significant problem with the older method of having a single reduction function.
If you want to read about this in more detail with math symbols and such, the pdf is linked from the site.
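The chain construction described in the comment above (and the "precompute, then just look up" point made earlier in the thread, together with the later comparison against a fully populated lookup table) as a runnable toy, added here as an example; it is not code from the page or from RainbowCrack. The keyspace is shrunk to three characters of [a-z0-9] so the whole table builds in seconds, and the alphabet, chain length, the `reduce_hash` / `build_table` / `lookup` / `count_covered` names and the start-point selection are all choices made for this example. The last call shows the defensive point the thread keeps coming back to: a salt moves the preimage outside the tabled keyspace, so the same precomputation finds nothing.

```python
import hashlib
import itertools

# Constructed toy keyspace: lowercase letters and digits, exactly 3 characters,
# so the whole table builds in seconds. The site under discussion used the same
# alphabet at length 8 (36**8 plaintexts), which is why its tables are 47.6 GB.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
KEY_LEN = 3
KEYSPACE = len(ALPHABET) ** KEY_LEN          # 46656 candidate plaintexts
CHAIN_LEN = 50                                # columns per chain


def md5_hex(plaintext: str) -> str:
    return hashlib.md5(plaintext.encode()).hexdigest()


def reduce_hash(digest_hex: str, column: int) -> str:
    """Reduction function R_column: squash a 128-bit digest back into a KEY_LEN key.
    Mixing the column index in gives every column its own R, which is what makes
    these 'rainbow' chains: chains that collide in different columns do not merge."""
    n = (int(digest_hex, 16) + column) % KEYSPACE
    chars = []
    for _ in range(KEY_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(start_points):
    """Walk key -> H -> R_0 -> key -> H -> R_1 -> ... CHAIN_LEN times and keep only
    the endpoint and the start point; every intermediate key is thrown away."""
    table = {}
    for start in start_points:
        key = start
        for col in range(CHAIN_LEN):
            key = reduce_hash(md5_hex(key), col)
        table.setdefault(key, []).append(start)   # endpoints can collide: keep every start
    return table


def lookup(table, target_hex):
    """Assume the target digest sits in column j of some chain; finish that chain from j,
    and if the endpoint is stored, regenerate from its start point to recover the key
    that hashed to target. Regeneration also rejects false alarms from merged chains."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        key = reduce_hash(target_hex, col)
        for c in range(col + 1, CHAIN_LEN):
            key = reduce_hash(md5_hex(key), c)
        for start in table.get(key, ()):
            candidate = start
            for c in range(CHAIN_LEN):
                if md5_hex(candidate) == target_hex:
                    return candidate
                candidate = reduce_hash(md5_hex(candidate), c)
    return None


def count_covered(table):
    """How many distinct plaintexts the chains actually pass through: the table's real
    coverage, versus the number of endpoints it has to store."""
    seen = set()
    for starts in table.values():
        for start in starts:
            key = start
            for c in range(CHAIN_LEN):
                seen.add(key)
                key = reduce_hash(md5_hex(key), c)
    return len(seen)


# Constructed start points: every 40th key of the keyspace in lexicographic order.
START_POINTS = ["".join(p)
                for i, p in enumerate(itertools.product(ALPHABET, repeat=KEY_LEN))
                if i % 40 == 0]
TABLE = build_table(START_POINTS)

if __name__ == "__main__":
    chains = sum(len(v) for v in TABLE.values())
    print(f"stored {chains} chains covering {count_covered(TABLE)} of {KEYSPACE} keys")
    print("unsalted md5('abe') ->", lookup(TABLE, md5_hex("abe")))
    # A salt (here the constructed prefix 'Q7') moves the preimage outside the tabled
    # keyspace, so the same precomputation finds nothing.
    print("salted md5('Q7' + 'abe') ->", lookup(TABLE, md5_hex("Q7abe")))
```

The space/time trade is visible in the numbers the script prints: a little over a thousand stored endpoints cover a large fraction of the 46656 keys, and each query costs on the order of CHAIN_LEN² hash-and-reduce steps instead of a scan. Coverage is never complete, because chains still merge within a column; that is why the site quotes 99.56% rather than 100%.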
If they have a db of all the possible md5 hashes for a-z0-9{8} then why does it take so long? Couldn't they split up their database into the first few md5 hex combinations?
So they could nest it so that you have 16 folders, with 16 folders in each say up to 3 levels (4096 folders in total), wouldn't it dramatically increase the speed?
A very aptly named site, seeing how it doesn't provide any real value...just look at the middle: http://p asscrack ing.com/
ROLAND The combination is (hesitates) 827ccb. ;)
HELMET 827ccb.
SANDURZ 827ccb. (writes)
ROLAND 0eea8a.
HELMET 0eea8a.
SANDURZ 0eea8a. (writes)
ROLAND 706c4c.
HELMET 706c4c.
SANDURZ 706c4c (writes)
ROLAND 34a1689.
HELMET 34a1689.
SANDURZ 34a1689. (writes)
ROLAND (hesitates) 1f84e7b.
HELMET 1f84e7b.
SANDURZ 1f84e7b. (writes)
HELMET So the combination is 827ccb0eea8a706c4c34a16891f84e7b (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing a fucking n00b would have on his Windows box.
Join the TWIT army now!
"827ccb0eea8a706c4c34a16891f84e7b?? That's the same combination that's on my luggage!"
mv /etc/shadow /etc/shadow.old
cp /etc/shadow.old /etc/shadow
vi /etc/shadow
(do your vile password manipulations now)
(do whatever vile deeds wanted to do as victim user)
mv /etc/shadow.old /etc/shadow
No need for any "cracker site"... Also, if root really wants a specific password, he can run John the Ripper locally with a nice dictionary.
A couple of stories back was the guy looking for warez for his laptop, now a site that cracks passwords. What's next, a list of porn sites and serial numbers? Where's the actual news, slashdot?
It's amazing how many people have submitted f3789b3c1be47758203f9e8a4d8c6a2a to the site. I'm scanning the last 500 submitted, and I've found close to a hundred so far.
Will be interesting to see what it means.
Anonymous Coward's Corollary to Hey's Rule:
These postings will be modded up.
Same thing for windows users (only different) is here. Submit an LM or NT hash, get the password emailed back to you...
...it is trivial to grab your password before it is stored in /etc/shadow. Like say when you type it in? And with that kind of compromise, it doesn't help how secure your password is anyway..
Kjella
Live today, because you never know what tomorrow brings
$ echo -n goatse | md5sum
f3789b3c1be47758203f9e8a4d8c6a2a *-
Anyway, time to change up to SHA1 ;)
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
This is /. Nobody here knows what sex is!
"What use is power to the Keeps of Balance?" -Disnt of Nightmare LpMud
If the password isn't god, sex or password, it's not worth breaking into :-)
17:25 http://passcracking.com/
:)
17:25 <ge_> !!
17:26 <toast> interesting
17:26 <toast> let's DoS it
17:26 <ge_> hehehehe
17:26 <toast> just write a distributed tool to submit nonsense and keep the queue full
17:26 <ge_> worse
17:26 <ge_> let's slashdot it!
17:27 <toast> haha
17:27 <toast> perfect
- "When you want something with all your heart, the entire universe conspires to give it to you" -Paulo Coelho
Highly informative post. Thank you.
It doesn't exist anymore, but goat.cx does... [obviously NSFW!]
The entries in the passwd file look something like this:
hengist:*:1000:1000:hengist:/home/hengist:/usr/local/bin/bash
It seems there is an error in the story text...there are no hashes in /etc/passwd...
Can anyone confirm the validity of the article text?
Another site killed by excessive /. hits. Looks like f3789b3c1be47758203f9e8a4d8c6a2a is queued to start several hundred times.
3 weeks ago, for shits and giggles, I pre-calculated md5 passwords based on a 5 million word dictionary. I dropped all of the results in a PostgreSQL database. Took about 12 hours to complete, mainly because the app I wrote to handle it was kinda poor and a quick hack. If I were to re-do it, I would use my workstations to create the checksums, and do the inserts.
:P
I had a few friends come over and type in passwords to check against. Needless to say, 85% of those were found in the database. It only took 10 secs at most to do a search each time.
I don't know why it takes them so long to come up with a result. Needless to say, I am gonna have to 1 up them now. Tonight, I am gonna start pre-calculating a database similar to theirs. Difference is, mine will run MUCH faster.
until (succeed) try { again(); }
Time to md5 my md5s :P That'll stop them ;)
There's an explanation on the site. It's apparently a compromise that doesn't take up as much storage space as a simple lookup table would, but is much faster than a brute-force search would be.
echo -n 'goatse' | md5sum
f3789b3c1be47758203f9e8a4d8c6a2a -
ff36cc8b1806283dffe68df1e462a120
This one should be in their DB.
Re:Question (Score:1)
by julesh (229690) on Saturday July 03, @04:21PM (#9601525)
Hmmm. User ID 686460 suggests user ID 678202 is 'new here' and it gets modded as insightful. Come on!
Oh, and before you mention it, no I've been here for about 6 years.
Imagine that... A "6 digit" getting all uppidy...
Rootsecure.net has a version of this up at:
. rootsecure.net/rcrack/
http://www.rootsecure.net/crypttmt/
http://www
#!/usr/bin/perl
# Exhaustive search over POSSIBLE_CHARS, shortest strings first, until a
# string's MD5 matches the digest read from stdin.
use strict;
use warnings;
use Digest::MD5;

use constant POSSIBLE_CHARS => 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
use constant LAST_POSSIBLE_CHAR => substr(POSSIBLE_CHARS, length(POSSIBLE_CHARS) - 1, 1);
use constant FIRST_POSSIBLE_CHAR => substr(POSSIBLE_CHARS, 0, 1);

print "Digest:\t";
my $digest = <STDIN>;
chomp($digest);
$digest = lc $digest;    # hexdigest() returns lowercase hex

my $ctx = Digest::MD5->new;
print "Beginning to decrypt...\n";
my $attempts = 0;
my $current_string = FIRST_POSSIBLE_CHAR;
my $start_time = time();

# Test the very first candidate too; the loop below only tests after advancing.
$ctx->add($current_string);
my $attempt = $ctx->hexdigest();    # hexdigest() also resets the context
$attempts++;
while ($digest ne $attempt) {
    $current_string = next_string($current_string);
    $attempts++;
    $ctx->reset();
    $ctx->add($current_string);
    $attempt = $ctx->hexdigest();
}
my $end_time = time();
print "String decrypted...\n";
print "String = '$current_string'\t\t\tHash = $attempt\n";

# Break the elapsed seconds down into days, hours, minutes and seconds.
my $time_to_complete = $end_time - $start_time;
my $seconds = $time_to_complete % 60;
$time_to_complete = ($time_to_complete - $seconds) / 60;
my $minutes = $time_to_complete % 60;
$time_to_complete = ($time_to_complete - $minutes) / 60;
my $hours = $time_to_complete % 24;
$time_to_complete = ($time_to_complete - $hours) / 24;
my $days = $time_to_complete % 7;
foreach my $unit ($seconds, $minutes, $hours) {    # foreach aliases, so the padding sticks
    if ($unit < 10) { $unit = '0' . $unit; }
}
print "String found in $days days, $hours:$minutes:$seconds\t\t\t$attempts cycles\n";

# Return the next string in the enumeration: bump the last character, carrying
# into the prefix when it wraps, and grow by one character when every position wraps.
sub next_string {
    my ($string) = @_;
    my $last_char_of_string = substr($string, length($string) - 1, 1);
    unless ($last_char_of_string eq LAST_POSSIBLE_CHAR) {
        substr($string, length($string) - 1, 1,
               substr(POSSIBLE_CHARS, rindex(POSSIBLE_CHARS, $last_char_of_string) + 1, 1));
        return $string;
    }
    if (length($string) == 1) {
        return FIRST_POSSIBLE_CHAR . FIRST_POSSIBLE_CHAR;
    }
    return next_string(substr($string, 0, length($string) - 1)) . FIRST_POSSIBLE_CHAR;
}
If you read the blowfish algorithm, it's actually quite expensive computationally to set up the keys used for encryption. The reason? Initialising the key tables requires 511 (I think... around there, anyway) rounds of the encryption algorithm. However, Blowfish being a reversible algorithm, I don't believe it would be any more secure than md5sum or SHA-1, because you'd need to input a key *and* some data into the algorithm, and the key would probably not change.
-ReK
md5sum -c reality.md5
reality: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOT match
- reboot(8) syncs disks.
- reboot(8) sends TERM signals.
- reboot(8) syncs every 3 seconds for up to 60 while vm.stats.vm.v_swappgsin changes.
- reboot(8) sends KILL signals.
- reboot(2) is called, which calls boot(), which syncs in a loop 20 times, backing off from 1/20th to 1 second while there are active buffers.
- If any active buffers remain, the disk is left mounted so it's fscked next boot.
Now, if only shutdown(8) called sync once, we'd be up to a maximum of 42... maybe I missed one. Nice function name in there at least; die_you_gravy_sucking_pig_dog().You really wanted to know all that didn't you? Hello? Bah.
According to the page, they are not using a dictionary attack. In any event, you may not get back the password you put in, but some piece of data that has the same md5 sum.
autopr0n is like, down and stuff.
This is not a dictionary attack, it's something else. All a long passphrase will get you is some other string with the same hash.
autopr0n is like, down and stuff.
But been too afraid to ask (cause the doco I've read has been really difficult to understand)...
I know how salting makes the hash of the same password different for different users, and I know that it adds other information on top of the md5 algorithm to get the final hash.
But can someone tell me, on an average, modern day, md5-and-salt-using Linux box:
1) What data is used for the salt?
2) Is it possible to recreate that salt in future? Is there a simple command line program to do salting? If a client is logging on, the hash data they send across the network will need to be compared against what getent shadow returns, so does the client hash and salt the user's input and get the same salted password? Or is there something I'm missing?
I thought it may be worthwhile to mention the fact that this tool does not attack MD5 in any way. Remember, MD5 is designed to give the exact same output for identical input, all this is doing is trying all inputs for lowercase a-z and 0-9, i.e. it's a very limited brute force tool.
Move along...nothing to see here...
dmiessler.com -- grep understanding knowledge
I always wonder, hasn't anybody already tried to bypass in some weird way the md5 hasher of a program, and feed the authentication "part" of the program with the MD5 hash? Dunno why, I have in mind that given a known hash, should be easy to fool a program and give it the hash directly instead of the password.
:P
I do not know if I made myself clear. It's 5.07am here
I've thought of this before, but it has always seemed unachievable, (still does.) It would sure take a while, but I bet you could compress a text file quite a ways more than gzip if you took a sample piece of text from the beginning of the plaintext and appended it to the hash, giving a hint at what the plaintext message would be, (narrowing the number of possible plaintexts the md5 would decode to.) How would it be to compress an encyclopedia to an md5 hash and its first paragraph or two? Getting it back would take a while :)
The "salt" is used to change how the password is hashed. If you look at the shadow password file on your computer, you'll see some lines that look like this
root:$1$abcdefge$abcd1234efg789hijklmno:0:0:...
You'll notice that the password field (the stuff after the 1st colon, and before the 2nd colon) is itself divided into 3 fields separated by dollar signs. The purpose of these fields are:
1st field - Identifies hashing method. This allows for future changes to how the password is stored while allowing backward compatibility with existing passwords.
2nd field - This contains the salt used to hash the password. In order to verify a new password, this exact salt must be used in the hashing process. Since in this case, it's 8 characters long and each character can be one of 64 values, it means that each possible password may be hashed into one of 2^48 different values. This salt is generated randomly at the time that you set your password. The randomly generated salt is then stored here for use in verifying future authentication attempts.
3rd field - This is the actual hashed password using the salt specified in the previous field. It is 22 characters long, which with base 64 encoding can store 132 bits. Since MD5 only hashes to 128 bits, there are 4 unused bits at the tail end of this value.
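The field layout the comment above describes, as an added example that is not code from the page or from any libc: a parser for the `$id$salt$hash` password field, the md5-crypt construction behind `$1$` (salted, then 1000 iterated MD5 rounds, crypt-style base-64), salt generation at password-set time, and the verify step that answers question 2 above (the stored salt is reused; the client never needs to reproduce it). The construction follows the FreeBSD crypt-md5 reference as I know it, which is an assumption of this example; the user name, salt and password in the sample line are invented, and `parse_shadow_line`, `md5_crypt`, `new_salt` and `verify` are names chosen here.

```python
import hashlib
import hmac
import secrets

# crypt(3)'s base-64 alphabet (not the same ordering as RFC 4648 base64)
ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def parse_shadow_line(line: str) -> dict:
    """Split one shadow entry into its colon fields and the $id$salt$hash password field."""
    fields = line.rstrip("\n").split(":")
    user, pw_field = fields[0], fields[1]
    if not pw_field.startswith("$"):
        raise ValueError("password field is not in $id$salt$hash form")
    _, method_id, salt, digest = pw_field.split("$", 3)
    return {"user": user, "method": method_id, "salt": salt, "hash": digest,
            # 64 choices per salt character: 64**8 == 2**48 for an 8-character salt
            "salt_space": len(ITOA64) ** len(salt)}


def _to64(value: int, count: int) -> bytes:
    """crypt-style base-64: emit `count` characters, least significant 6 bits first."""
    out = bytearray()
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5_crypt(password: bytes, salt: bytes) -> str:
    """The $1$ construction. Assumption: follows the FreeBSD crypt-md5 reference;
    check it against your own libc (e.g. openssl passwd -1) before relying on it."""
    magic = b"$1$"
    salt = salt[:8]                          # at most 8 salt characters are used
    ctx = hashlib.md5(password + magic + salt)
    alt = hashlib.md5(password + salt + password).digest()
    remaining = len(password)
    while remaining > 0:                     # mix in len(password) bytes taken from alt
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bit = len(password)
    while bit:                               # one byte per bit of len(password): NUL or pw[0]
        ctx.update(b"\x00" if bit & 1 else password[:1])
        bit >>= 1
    final = ctx.digest()
    for i in range(1000):                    # stretching: what makes precomputation expensive
        rnd = hashlib.md5(password if i & 1 else final)
        if i % 3:
            rnd.update(salt)
        if i % 7:
            rnd.update(password)
        rnd.update(final if i & 1 else password)
        final = rnd.digest()
    encoded = b""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        encoded += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    encoded += _to64(final[11], 2)          # 22 characters in total
    return (magic + salt + b"$" + encoded).decode("ascii")


def new_salt() -> bytes:
    """A fresh random 8-character salt, generated when the password is set."""
    return bytes(secrets.choice(ITOA64) for _ in range(8))


def verify(password: str, pw_field: str) -> bool:
    """Re-run the hash with the salt stored in the field; compare in constant time."""
    _, method_id, salt, _ = pw_field.split("$", 3)
    if method_id != "1":
        raise ValueError("only $1$ is implemented here")
    return hmac.compare_digest(md5_crypt(password.encode(), salt.encode()), pw_field)


# Constructed sample entry: user, salt and password are invented for this example.
SAMPLE_SHADOW_LINE = ("alice:" + md5_crypt(b"correct horse", b"Q3kPz7Ya")
                      + ":15000:0:99999:7:::")

if __name__ == "__main__":
    entry = parse_shadow_line(SAMPLE_SHADOW_LINE)
    print(entry)
    print("same password, two salts:",
          md5_crypt(b"correct horse", b"Q3kPz7Ya"), md5_crypt(b"correct horse", new_salt()))
    print("verify:", verify("correct horse", "$1$" + entry["salt"] + "$" + entry["hash"]))
```

To check the implementation on a host you control, compare `md5_crypt(b"password", b"saltsalt")` with the output of `openssl passwd -1 -salt saltsalt password`. The two things a precomputed table cannot absorb are both visible here: the salt multiplies the number of tables needed by the size of the salt space, and the 1000 rounds multiply the cost of building each one.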
Indeed key space is finite. That being said, go find me a single collision (two strings that result in the same MD5) and I'll concede that your point is mildly valid.
I can count to 1023 on my hands. Ask me about #132.
Nothing scales forever. In the very specific realm of passwords and hashes generated from those passwords, you have a huge scaling problem.
Take a simple example: a-z,0-9, 8 chars, MD5.
That's 36^8, or slightly more than 2.8 trillion passwords. Storage for those would be 2.25 × 10^13 bytes, or 22 and a half terabytes. Now, storing the MD5 password along with them is another 16 bytes, so we need to triple that, and thus we have 67.5 terabytes of storage needed. Now, what's the size of the index on this thing? It's going to be pretty big, I'm sure. Just searching the index is probably going to require an index itself.
Now, realize that you're going to be searching for the MD5 here, not the password. So sorting it is a bit of a PITA too, and could take a hell of a long time. Ever try to run a quicksort on a 3 trillion item array?
And all that only covers lowercase and digits, up to 8 characters. Yes, your data lookup could be made fast, if you have one hell of a big system to stick the whole thing on, and a few computers to handle the thing in sections. Big databases are not new, but when you start talking about fully populated databases created from arbitrary mathematical functions, you quickly get into the realm of the obnoxiously insanely big database. It's not practical, and it certainly isn't very fast unless you throw a ton of money at it.
Whereas this method trades off space for cpu time, by the reducing function thing. Reducing functions are not new, what's new here is to use a changing reducing function, which is kinda nifty. It has its limitations as well, but the big evil database has some pretty major ones too.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
I can tell you one place where this is useful: in the NT equivalent of this app (there was a link posted to it somewhere above), retrieving a lost password can save your ass for encrypted files (since encrypted files use the password as a key seed in NT/2k/XP). Changing your password effectively munges all your encrypted files.
...John the Ripper. It's been ported to cracking so many password systems. Very useful in telling someone that their dog's name is not a valid password. The upside of it is that you crack passwords on your own network for your benefit, and not expose them to masses of other people.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
I was going to queue up FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF to see a pre-image that creates the largest MD5 hash value, but someone beat me to it. However, the task is still "Waiting to start...". I'll post a reply when it completes.
I put the 'fun' in fundamentalism
In soviet china, the passwords crack you, etc. etc.
How probable is it (and can it be proved mathematically?) that any given "secure" password does not, in fact, give the same MD5 output as a "simple" password?
I know everyone here thinks they are safe because their password is something complicated. It would be a shame if you could also log in by typing "password" at the prompt....
N
... that this RainbowCrack technology they are using, is very usefully utilising high end resources that people using leave these machines idle.
Yup. If you copy it (cp), you goof up the timestamps. Moving it, at least on the systems I've used, doesn't change the stamps. It's a little sneakier.