New Online MD5 Hash Database
Gravix writes with a shameless plug for his new site "Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!" Shameless plug aside, the site still seems worth a closer look.
It doesn't have the hash for slashdot :(
4e9fd9f4624c02685096769364a81d95
Database contains 12,288,524 = 2*2*31*113*877 unique entries.
Quick! Everybody go test your password security by sending it to a random web site.
Snowden and Manning are heroes.
6436a55a08760c5b94dbed4476f83fcd
Does anyone know how to get a hold of a database such as this? As part of our IT auditing I'd like to be able to do a join of our md5-encoded user passwords (no salts or anything) with this to see whose password is insecure... yeah, that's it...
This is fun.. watching his hash counter go up. It was at 32 when I first saw it, which means that near all of the increase over the next few days can be attributed to the /. effect (assuming he doesn't get posted to some other major site).
Apart from the fact that this site is somewhat morally questionable, it doesn't seem to work very well. I inserted a number of hashes for common first names and dictionary words, and none of them returned a hit. If the database doesn't even cover common stuff such as this, what is it really good for? Really, 12 million hashes out of a space of 2^128 is truly minuscule.
Any system using plain md5 to hash passwords is broken anyway. Include a salt - and any database over hashes will become useless. Besides, if people choose good passwords, they are most likely not in the database. That is already two reasons why people should be protected, do we need any more?
For many other uses of cryptographic hashes the input is much more than a single word, and typically you don't really worry about keeping the input a secret anyway.
Do you care about the security of your wireless mouse?
Google is your friend!
"try the veal"
They must be smoking some dope ass crack if they think they have lots of common permutations of dictionary words covered. Try fcaf8cb5751b2995c95f6c8021584eff (h3ll0) or 50c20343d45744b1aa36ace8c04c700a (th3r3). Is there anything simpler in terms of common words with obvious numeric substitutions that it actually gets?
My question is, does Linux, more specifically Debian, use MD5 for its passwords? Or what kind of "system" does it use to store and compare hashed passwords?
What would be really nice is to see this grow past a simple MD5 database. If you're going to get traffic, you really should get an NTLM database up and start populating it as soon as possible.
A few other places have these, in differing amounts. Rainbowcrack has tons of them, but requires you to submit some before being allowed to query the system. I did submit a few NTLM hash tables, but it took the better part of a week to get my query back (it's supposed to be a lot faster than that).
There's also Ophcrack which uses tables similar to rainbow tables. It has a web interface to query NTLM hashes for simple passwords.
With these pre-computed hash tables, basic password security is starting to take a hit and it's becoming more and more worthwhile to use a simple but long password rather than a short and complex one. If you're on Windows, it's also VERY worthwhile to read about forcing Windows to store only the NTLM hash and drop the LM hash. It breaks old compatibility with Win 9x but is very worth it if you don't need that. This helps against precomputed attacks but has an even bigger impact against brute-force attacks.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
I think there's some kind of bug in the counter, or the site is being ./'d, with over 65535 or 2^64-1 hits, as I initially saw the counter with a value of around 70, and now when I look at it, the counter had gone DOWN to 30 something, and was on the increase again.
All in all, this is another ho-hum kind of story.
Page generated in 0.000568 seconds.
The dude knew the slashdot crowd was heading his way so he put in a timer just to look impressive... sigh.
What advantages does this database have over say a Cray supercomputer, which I could also afford.
"I'm going to f***ing bury that guy, I have done it before, and I will do it again. I'm going to f***ing kill Google"
if anyone is interested, the md5 hash for the md5 summer (win32) is 6f122df5e2b86bc0bc8885cafe4b9eab
Mongrel News all the news that fits and froths
Would these (or similar) attacks work against sha1 hashes?
To call LM weak would be an understatement. LM takes passwords up to 14 characters in length, fine you think until you realise that the way they did it is to hash 2 7-character strings. This means for any password, you have to crack a max of 7 characters. Oh, and did I mention it's case insensitive?
There are existing rainbow tables covering basically the entire LM space but, really, you don't need it. A fast dual core chip will crack it in less than a day.
The parent is correct in that in all cases where you can, you should set Windows to only use NTLM, or better yet NTLMv2. We are (finally) getting to do that at work as we purged the last NT and 98 systems from the domain.
Does not take up as much room, and someone else is responsible for the maintenance. It's too late for me, but you might benefit from my shortsightedness.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
This is not about a weak hash, the dictionary is only a threat to wrong use of the hash.
9e925e9341b490bfd3b4c4ca3b0c1ef2; a2a551a6458a8de22446cc76d639a9e9; 0cc175b9c0f1b6a831c399e269772661; acaa16770db76c1ffb9cee51c3cabfcf; 1cba77c39b4d0a81024a7aada3655a28.
With this database suddenly all files are compressible to 32 bytes. A 1440 Kb floppy disk can store 46080 MD5 hashes. If each hash represents a file that is on average 10 Mb, the floppy disk can store 461 Gb on average.
This is quite useful for archival purposes.
The whole idea of information versus random noise is really apparent when you compare which MD5 hashes have personal significance to the set of all possible hashes.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
>You all use salted md5 hashing in your applications, don't you?
I was just reviewing some popular browser extensions that create site-specific passwords. Click a widget, enter a keysequence or something like that and they fill in a password that's an MD5 hash of the site name concatenated with a master password from the user.
No salt.
There are probably blackhats out there who have *memorized* the MD5 of "passwordpaypal.com".
http://www.google.com/url?sa=t&ct=res&cd=2&url=http%3A//www.blackhat.com/presentations/bh-asia-04/bh-jp-04-pdfs/bh-jp-04-seki.pdf&ei=iXUJQ4yLOK2UsAGU9PzUDQ
Yeah, NTLMv2 is MD4, which is broken, doesn't allow salting, and doesn't even need to be cracked anymore, just looked up in a Rainbow table.
My question for Windows admins: can I use kerberos for everything in Windows, so it never sends a hash, never ever, ever, across the network? Just TGTs and service tickets encrypted with that hash?
That's network logins, access to shares, and any other time a password may travel across the network.
Actually I have seen many applications that fail to salt passwords before hashing them; it's depressing. Salt should be long enough to be globally unique when randomly generated. Old-style Unix passwords used a 12-bit salt, which was pathetic; 128 bits would be plenty.
In addition, it's best to iterate the hash many times, which slows down dictionary attacks. See Kelsey, Schneier et al, "Secure Applications of Low-Entropy Keys":
http://www.schneier.com/paper-low-entropy.html
The proofs in that paper are based on the assumption that the hash function is collision free, which of course MD5 isn't; another hash function might be preferable.
Xenu loves you!
Visiting this site (md5 one) resulted in pop-ups which were loaded with the StartPage Trojan which fortunately F-Secure spotted.
but as previously pointed out, with a few minor additions (as to which it depends on whether you prefer salt or pepper :p) to the procedure, this database becomes a minor security concern.
"Nobody ever went broke underestimating the intelligence of the American public." - HL Mencken
This seems to be a good reason to do some obscure MD5-security hacks like nested MD5 hashing or reversing string before hashing it...
I threw this together in all of 5 seconds. http://www.cif.rochester.edu/~trevdak/md5.php
eom errr i mean
9fe9245f628fd735e094285801ef2c36
Interestingly, do a MD5 hash of 1
The result is c4ca4238a0b923820dcc509a6f75849b
Do a google search for that string.
That results in roughly 2000 hits. That's 2000 people running un-salted hashes...
The Mini Repository - more links
You DID NOT type your live passwords into that did you?
The best way to 'shame' the admins publicly, is to crack it on your pc or laptop at home, print out the passwords, and then covertly, where there are no cameras, or if it's REAL REAL busy with your sly quick hand, pin the passwords to the main notice board, then watch 50 other idiots use it to really screw up the system.
The school would be real real dumb to expel or terminate 50 students' accounts.
Or if you're really brave, get some weed killer and write the password on the front lawn, and watch it magically appear over the weekend. Totally funny and covert. Admins would get the sack and they would be a school legend.
Usual passwords are either startrek or Hitchhiker's Guide related.
Liberty freedom are no1, not dicks in suits.
*Laughs Dew From Nostrils*
Oh, if you weren't an AC I'd hug you.
The Geek in Black
I know my BCD's (when I'm Sober)
Personally, I'd love to use a password with an MD5 hash that came out something like "FyoMamaSysAdmin"... any tools for generating THAT? :)
MadCow.
I used to have a sig, but I set it free and it never came back.
They have "password" but not "PASSWORD". Much less, "pAssWOrD" or "p455w0rd" or "0qww294e" (transposed up one row on qwerty keyboard).
John the Ripper need not fear.
--Including next week's winning lottery numbers, a picture of your face, blue prints to your house, your brain, and a nice little faster-than-light getaway vehicle and the formula for its shocking-pink meteorite-resistant paint.
It's just a matter of finding the right sequences. Or building a device which can find those sequences for you upon request. --I call such a device an, "Infinity Box".
-FL
Well... at lunch time in the cafeteria while my boss was eating a big bowl of clam chowder casually asked what the new password was changed to, just as he was about to take a spoonful.
My boss almost lost his cookies when he heard what it was. It was changed to phlegm
Well, I tested it with 2 letters and 2 numbers. I got the hash from a very quick php script I had from years ago. Then when I ran the hash through the site it said the pass is "?????" -- Failed. -- I even got the same hash for the letter/number combo through their site just in case it logs the generated hashes for later. Still failed.
Also that "Total number of cracked hashes" is looking like a random number as it was at 128, then 50, then 1. I know there are some logical answers to it, but all of them, well, silly mistakes.
I tried multiple words with simple number replacement for letters like o. The bit of blurb seems to imply this would work but as I've found out it doesn't. The word of choice? "monday".. It did have the "monday" hash in the database so you would think it would have some with numbers as the text says. So let's try "m0nday"... FAILED... Also that counter is being weird jumping from like 128 to 1 then to 50.
The crypt() function takes two arguments: a key and some salt characters. But the MD5/SHA1 functions I have seen only take one argument. So how do you salt an MD5/SHA1 hash? Is it enough to do md5 (username . password)?
I don't have a web site for this so just e-mail me an outline of your car key, the cars location, its make, its model, and plate number. Thank you for your co-operation.
Having to work for a living is the root of all evil.
Do your bit for the destruction of md5 by adding to the database using this simple script!
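#!/usr/bin/perl
# Generate 5 random passwords with apg and print them separated by ';'.
system 'apg -n 5 > okpasswords';
open(passfile, "okpasswords") or die "cannot open okpasswords: $!";
while($password = <passfile>){
chomp $password;   # strip the trailing newline
print $password.";";
}
close(passfile);
print "\n";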
Then just paste 'em in.
Farewell Md5. Thou hast served us surprisingly well.
May the Maths Be with you!
1fc011b3e5eadb933cc028aebd5a178f
If you've rooted the system anyway, you can debug the LSASS service and extract the plaintext SAM database.
Having the syskey on separate media does help you if your opponent has stolen a hard disk or backup tape though...
When I try to access the plugged website, it is full of evil pop-ups that try to force you to download expensive internet access tools.
See my journal, I write things there
3) the system administrators need reasonable deniability from user's claims of password theft.
If the user's password is stored in plain text, they can claim that you, the system administrator, have access to it. This increases your liability as the user can now disclaim responsibility for actions taken with that password, on any other system where it is used -- after all, they could have been impersonated, and they can accuse you of being the culprit.
-Hope
Use a random salt - that way, the salt changes every time you change your password, and the probability that two entries anywhere in the world have the same salt by accident can be bounded.
Xenu loves you!
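The salting advice in the comments above (a random 128-bit salt, an iterated hash, and the question of whether md5(username . password) is enough), worked through as an added example that is not from any commenter or from the site in the story. The word list, the ITERATIONS value and all function names are assumptions made here, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for the iterated hash; it is not the construction from the cited paper.

```python
import hashlib
import hmac
import os

# Constructed sample word list; real lookup databases hold millions of entries.
WORDS = ["password", "monday", "hello"]
ITERATIONS = 100_000  # assumed work factor, tune for your own hardware

def mutations(word):
    """Return the word plus simple capitalisation and digit-substitution variants."""
    leet = word.translate(str.maketrans("aeio", "4310"))
    return {word, word.upper(), word.capitalize(), leet}

def build_table(words, prefix=""):
    """Precompute md5(prefix + candidate) -> candidate, as a lookup database does."""
    return {hashlib.md5((prefix + c).encode()).hexdigest(): c
            for w in words for c in mutations(w)}

def md5_plain(password):
    return hashlib.md5(password.encode()).hexdigest()

def md5_username(username, password):
    # Deterministic: the same account name and password give the same hash on
    # every system, so one table built for "admin" is reusable everywhere.
    return hashlib.md5((username + password).encode()).hexdigest()

def hash_password(password, salt=None):
    """Random 128-bit salt plus an iterated hash; store both salt and digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison

def demo():
    generic = build_table(WORDS)             # table of plain md5(word)
    for_admin = build_table(WORDS, "admin")  # table built for one account name
    user_hash = md5_username("admin", "m0nd4y")
    salt, digest = hash_password("m0nd4y")
    return {
        "plain": generic.get(md5_plain("m0nd4y")),    # found
        "username_generic": generic.get(user_hash),   # missed
        "username_targeted": for_admin.get(user_hash),  # found again
        "salted": generic.get(digest.hex()),          # missed
        "verify_ok": verify_password("m0nd4y", salt, digest),
        "verify_bad": verify_password("monday", salt, digest),
        "salts_differ": hash_password("m0nd4y")[0] != salt,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```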
From an NIS perspective, you *must* encrypt into the database.
If you've ever poked around an NIS environment, give this one a try:
ypcat passwd
Voilà! It spits out the entire password file! Fire up John the Ripper and go to town. Built in compromised password databases.
(see: subject)
In the Windows XP registry (Start>Run>regedt32.exe), under HKEY_CURRENT_USER\Software\America Online\AOL InstantMesseger\CurrentVersion\Users\(screenname)\ Login,
there is a config called Password1. If you have your passwords saved on the computer, a password will be there in an md5 salted hash. This site will take that hash and unsalt it. It will also attempt to crack it. If that fails, at least you have an md5 hash that is pure. I have always wanted to know how this site works, so if anyone wants to hit me with some knowledge, or maybe some code, I would love it.
No, the chances of entering a loop after 65536 hashes are roughly 2^-129. If you're using a 160-bit hash then you'd likely have to hash 2^80 times or so before reaching a value you'd seen before.
Passwords are generally so pathetic that even five bits are worth having, but fifteen or even twenty bits are practical if you don't mind a tiny bit of extra server load when verifying a password.
Xenu loves you!
(Oh, and does anyone have a good site to find word lists and rule lists for john the ripper? I always have trouble finding a really good rule list.)
I do security
Considering your average P4 can spit out single MD5 hashes at a rate of ~500k per second for just the crypts with the crappy openssl implementation. One could generate that to disk in approx 10 times that amount of time due to latency of disks. Sorting could be done with a hash like storage system of directories. All in all this is a poor article and that could be generated in a matter of days with any one of the computers you pick up for 200 euro. Slashdot has poor articles lately. Forgive my English.
Why bother iterating (bringing down your performance)?
Why not just sleep for a couple of seconds instead?
You get the same slowdown but your server is happier.
Or am I not getting something?
This probably oughtn't be a top-level comment, but I didn't have the time to dig down to find a more appropriate place for it.
From an attack vector perspective, it seems pretty easy to defeat in a pretty simple way; all one really needs to do is mangle the hash in some predictable way. I wrote a Java class that inadvertently mangles (on average) half the bytes of an MD5 hash (swaps some bits around) because of some bonehead logic on my part converting unsigned bytes into hex strings. Since it mangles it the same way every time, it still functions perfectly, but its output is not a plain MD5 hash. I went through a series of hashes created by that class at the FA's website, and not one of them returned a hit.
Sure it's simplistic, it's security by obscurity, etc. etc. etc., but it's mostly effective against an attack based on precalculated hashes. An attacker would not only need to intercept the hash, but also the pattern for mangling it (entirely possible, but one more hurdle at least).
Not to mention that any of a number of other tricks, such as have been already mentioned (salting, hashing a concatenation of username/password, etc), would be equally effective.
I'll probably get modded down for Redundant or Boneheaded or Naive, but that's what's great about Slashdot. I can make my boneheaded opinions known with impunity!
So anyway, yeah.. Should be a quick "yikes!" for anyone simply poking md5($pass) into a db, but otherwise, blah. Interesting way to chew up a huge amount of storage space, but not terribly exciting until they map all 2 ^ 128 possible hashes (over 3.402 x 10 ^ 38).
http://undecidedgames.blogspot.com
This has been done before, and with over twice the size:
http://us.md5.crysm.net/stats
Has 32,106,390 entries.
The New Zealand mirror has some 25 million entries or so.
Small fry.
There are also explanations on there of how to avoid this sort of attack, by use of proper salt, and md5(pass + md5(pass)), all the usual improvements.
http://saf.crysm.net/