Slashdot Mirror
Online MD5 Cracking Service
toast writes "Did you forget your password but have your /etc/shadow? If so, this site is for you. Submit a MD5 hash and within a few days you'll have an answer. Of course, once Slashdot has its way, you'll have to wait a few years for an answer.. At least now I'll always know what f3789b3c1be47758203f9e8a4d8c6a2a means.."
This is why we use salted, iterated hashing.
hmmmm I would never submit any shadow file, who knows what the admin of the site does with the results! Nick
Especially since the only people who should have access to /etc/shadow should be the people with root on the box.
Joe bloggs on his shell account isn't going to be able to get it is he ?
Gentlemen, start your penguins
on page 2 when results are 500, you'll find
;)
"f3789b3c1be47758203f9e8a4d8c6a2a" = "goatse"
So stop submitting it!
What /etc/passwd leaves against a surface when you shine a light at it.
Happy Noodle Boy says "F###ing doughnut! Mock me? You fried cyclops!!"
This is probably obvious, but you can verify it using:
$ echo -n goatse | md5sum
f3789b3c1be47758203f9e8a4d8c6a2a -
So parent is right.
because Visual Basic isn't case sensitive?
The More Laws, the less Justice --Marcus Tullius Cicero
Just so that its clear, they haven't broken MD5 in the cryptographic sense; they're merely using the fact that the 8 character password space is small enough if you are restricted to lowercase alphabets and numbers (about 3*10^12) to run the whole thing through a brute force search. The nice thing is that they precompute all the plaintext-ciphertext pairs, which means that the actual cracking step is simply a lookup. Lookup can be greatly speeded up if you're looking up lots of things at once, so the /. effect is a very good thing for them, throughput-wise :-)
Hopefully it is running BeOS as its is_computer_on_fire() call will provide at least some protection.
Step 1: Create a service that does something which needs a password hash
Step 2: Get a bunch of bored slashdotters to post their password hashes, and log their IPs
Step 3: Crack the hashes, keep the passwords
Step 4: h4xx0r!
And the l33t shall inherit the 34r7h.
It is a time-memory tradeoff. They come up with a "reduction function" R, which maps hashes into keys. It is not a reversal of the md5 algorithm, it just generates some key based on the hash. Then they create sequences of hash, key, hash, key, hash, key... with each key being the reduction function applied to the previous hash, and each hash being the hash function applied to the previous key. They stop their sequences when they reach "distinguished values," which may e.g. have 0's for the first 12 bits. Then they store the start and endpoints of the sequence.
So now they have a list of start and endpoints for these chains of hashes and keys. To crack a hash, they apply the same process to it - reduction function, hash, reduction function, hash, until they reach a value that is in their table of endpoints. Then they begin at the startpoint associated with that endpoint, and regenerate the sequence up to the hash they're trying to crack. Since the key directly before that hash hashes to that hash, they've successfully cracked the hash.
The "rainbow" refers to the recent innovation of using a different reduction function for each step of the sequence, i.e. using R1 on the first hash, R2 on the second, etc. This means that, even if two sequences contain the same hash, they probably won't be exactly the same after that - a significant problem with the older method of having a single reduction function.
If you want to read about this in more detail with math symbols and such, the pdf is linked from the site.
ROLAND The combination is (hesitates) 827ccb. ;)
HELMET 827ccb.
SANDURZ 827ccb. (writes)
ROLAND 0eea8a.
HELMET 0eea8a.
SANDURZ 0eea8a. (writes)
ROLAND 706c4c.
HELMET 706c4c.
SANDURZ 706c4c (writes)
ROLAND 34a1689.
HELMET 34a1689.
SANDURZ 34a1689. (writes)
ROLAND (hesitates) 1f84e7b.
HELMET 1f84e7b.
SANDURZ 1f84e7b. (writes)
HELMET So the combination is 827ccb0eea8a706c4c34a16891f84e7b (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing a fucking n00b would have on his Windows box.
Join the TWIT army now!
Same thing for windows users (only different) is here. Submit an LM or NT hash, get the password emailed back to you...
The "salt" is used to change how the password is hashed. If you look at the shadow password file on your computer, you'll see some lines that look like this
root:$1$abcdefge$abcd1234efg789hijklmno:0:0:...
You'll notice that the password field (the stuff after the 1st colon, and before the 2nd colon) is itself divided into 3 fields separated by dollar signs. The purpose of these fields are:
1st field - Identifies hashing method. This allows for future changes to how the password in stored while allowing backward compatability with existing passwords.
2nd field - This contains the salt used to hash the password. In order to verify a new password, this exact salt must be used in the hashing process. Since in this case, it's 8 characters long and each character can be one of 64 values, it means that each possible password my be hashed into one of 2^48 different values. This salt is generated randomly at the time that you set your password. The randomly generated salt is then stored here for use in verifying future authencation attempts.
3rd field - This is the actual hashed password using the salt specified in the previous field. It is 22 characters long, which with base 64 encoding can store 132 bits. Since MD5 only hashes to 128 bits, there are 4 unused bits at the tail end of this value.