Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Online MD5 Hash Database

Posted by ScuttleMonkey on from the handy-tools-that-want-to-get-slashdotted dept.

Gravix writes with a shameless plug for his new site "Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!" Shameless plug aside, the site still seems worth a closer look.

3 of 295 comments (clear)

  1. Downloadable database form? by 5n3ak3rp1mp · · Score: 5, Interesting

    Does anyone know how to get a hold of a database such as this? As part of our IT auditing I'd like to be able to do a join of our md5-encoded user passwords (no salts or anything) with this to see whose password is insecure... yeah, that's it...

  2. Salting *and iterating* by Paul+Crowley · · Score: 5, Interesting

    Actually I have seen many applications that fail to salt passwords before hashing them; it's depressing. Salt should be long enough to be globally unique when randomly generated. Old-style Unix passwords used a 12-bit salt, which was pathetic; 128 bits would be plenty.

    In addition, it's best to iterate the hash many times, which slows down dictionary attacks. See Kelsey, Schneier et al, "Secure Applications of Low-Entropy Keys":

    http://www.schneier.com/paper-low-entropy.html

    The proofs in that paper are based on the assumption that the hash function is collision free, which of course MD5 isn't; another hash function might be preferable.

    --
    Xenu loves you!
  3. Re:Interestingly... by stray · · Score: 5, Interesting

    Hm, why did I never try this before :-) ?

    echo -n "trustno1" | md5sum
    5fcfd41e547a12215b173ff47fdd3739

    Google for it, nice vector there.
    Disturbing, to say the least.