Slashdot Mirror


Using Google To Crack MD5 Passwords

stern writes "A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker's encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think."
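An added example, not part of the original post or thread: it shows why pasting an unsalted MD5 digest into a search engine can return the password, and why a per-user random salt with an iterated KDF defeats that kind of lookup. The word list, the dictionary standing in for a public index, and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a public index (search engine or lookup site):
# unsalted MD5 digests of common strings, mapped back to the string.
COMMON = ["", "12345", "password", "letmein", "qwerty"]
INDEX = {hashlib.md5(w.encode()).hexdigest(): w for w in COMMON}

ITERATIONS = 200_000  # illustrative work factor, an assumption of this example


def md5_unsalted(password):
    """The weak scheme: the same password always gives the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup(digest_hex):
    """Return the indexed preimage for a digest, or None if it is not indexed."""
    return INDEX.get(digest_hex.lower())


def hash_salted(password, salt=None):
    """Per-user random salt plus PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def demo():
    """Two users pick the same password; compare what each scheme stores."""
    unsalted = [md5_unsalted("password") for _ in range(2)]
    salted = [hash_salted("password") for _ in range(2)]
    return {
        "unsalted_identical": unsalted[0] == unsalted[1],
        "unsalted_found": lookup(unsalted[0]),
        "salted_identical": salted[0][1] == salted[1][1],
        "salted_found": lookup(salted[0][1].hex()),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the digest; it does not need to be secret, it only has to be unique per user so that one precomputed index cannot cover every account.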

29 of 232 comments

  1. Obligatory by Anonymous Coward · · Score: 5, Funny

    In Soviet Amerika, MD5 passwords crack you.

    1. Re:Obligatory by CrazyJim1 · · Score: 5, Funny

      What about the flip side: Using Crack to Google MD5 passwords?

  2. Re:Salt by eln · · Score: 4, Funny

    I agree. Also, fry them in bacon fat and add pepper.

  3. Dark Helmet by Nate+Fox · · Score: 4, Funny

    So the combination is 827ccb0eea8a706c4c34a16891f84e7b. (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

  4. Let me guess by GroeFaZ · · Score: 5, Funny

    The password was hunter2?

    --
    The grass is always greener on the other side of the light cone.
    1. Re:Let me guess by omnipresentbob · · Score: 5, Funny

      What's with all the stars in your post?

  5. Re:Salt by eldavojohn · · Score: 5, Funny

    And blackjack ... and hookers. In fact, forget the hashes!

    --
    My work here is dung.
  6. Re:Salt by SevenDigitUID · · Score: 4, Funny

    > That's not true. The user can generate a string with something like dd if=/dev/urandom bs=21 count=1|openssl base64, store that string, and append it to the true password each time they log in. This has exactly the same results as the site correctly implementing salting.

    So what you are saying is the best defense is to use a crazy fucking password?

  7. just look for "cf99" by russ1337 · · Score: 2, Funny

    5f4dcc3b5aa765d61d8327deb882cf99 is the MD5 hash for 'password'.....

    search enough systems and you're bound to see some doosh has used it.

  8. Re:I wouldn't be too alarmed. by SevenDigitUID · · Score: 5, Funny

    That is totally unfair to the wordpress developers. Just because they don't care doesn't mean they don't understand.

  9. Re:RTFA by eln · · Score: 5, Funny

    You're correct. You have totally invalidated the points I brought up in my post. Good show.

  10. Re:I wouldn't be too alarmed. by neoform · · Score: 2, Funny

    If you've ever used wordpress before and actually looked at the code, you'll know right away that wordpress inc. does not employ programmers.

    --
    MABASPLOOM!
  11. Re:MD5 Lookup Site & Names by PFAK · · Score: 3, Funny

    He can't be much of a "security researcher" if someone hacked his own website.

    --

    Free means no restrictions, ironic the FSF's GPL forces restrictions, isn't it? What's your definition of free?
  12. My uneducated response would be: by newr00tic · · Score: 4, Funny

    > What about the flip side: Using Crack to Google MD5 passwords?

    2343e9f361fea282776586d7056025db

    --
    A horse can't be sick, you know, even if he wants to.
    1. Re:My uneducated response would be: by rmadmin · · Score: 2, Funny

      My hash is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  13. Man, I need to change my password NOW. by fo0bar · · Score: 4, Funny

    Results 1 - 10 of about 101,000 for d41d8cd98f00b204e9800998ecf8427e. (0.04 seconds)

  14. Re:MD5 Lookup Site & Names by Anne_Nonymous · · Score: 2, Funny

    That's remarkably close to my password hash:

    > Do0d+H!$p@SsW0rD!$t0ta1y$eCuRe

  15. Re:Salt by Anonymous Coward · · Score: 5, Funny

    Ice building up on your sidewalk? Salting breaks it.

  16. Re:Salt by Jarjarthejedi · · Score: 4, Funny

    Pretzels missing that unique flail? Salting solves it!
    Need something else to put on those fries? Salt it!
    Need to make your friend's drink taste awful? Salt is the way to go.

    (Somewhere along the line we left the analogy department :P)

    --
    There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
  17. Re:MD5 Lookup Site & Names by DaFallus · · Score: 2, Funny

    And sure enough, if you read the comments to the blog, there is a site called http://md5.rednoize.com/ that reveals that the hash is "Anthony." So although Google helped, there appears to be resources online for it (if you don't have your own Rainbow Table mega database).

    Another reverse md5 hash lookup

    I have to agree with everyone else so far, pass the Salt.

    --
    No one cares what your captcha was

    Houston TX, USA
  18. Re:MD5 Lookup Site & Names by joNDoty · · Score: 5, Funny
    Crap. From their "about" page:

    > Additionally, every time when you enter a non-md5 hash string into the search field, the md5 result for that search string gets stored in our database for future use.

    Thanks for warning me. I tested to see if my password was in there... it is now!!!

  19. Re:Credibility? by garompeta · · Score: 2, Funny

    With all my respect, 596a96cc7bf9108cd896f33c44aedc8a

  20. Re:Salt by maxwell+demon · · Score: 5, Funny

    This is slashdot, we need a bad car analogy too. :P Your car rusting too slowly? Salt solves that! :-)
    --
    The Tao of math: The numbers you can count are not the real numbers.
  21. Re:Salt by csteinle · · Score: 4, Funny

    When a problem comes along, you must salt it.
    Before the cream sits out too long, you must salt it.
    When something's going wrong, you must salt it.

    Now salt it! Salt it good!

  22. Re:Credibility? by neonsignal · · Score: 5, Funny

    I looked these up on google, and they directed me to some slashdot page...

  23. Security through obscurity by megaditto · · Score: 2, Funny

    But nobody will guess that the search string "jennifer lopez" is my actual password. I am still safe for now.

    --
    Obama likes poor people so much, he wants to make more of them.
  24. Re:Salt.. .so then develop by davidsyes · · Score: 4, Funny

    a rad ass custom mod chip that the user injects into the cerebral cortex and obdulla loongggatta and up down undah. The user then develops Tourettes Syndrome out the ass and has shit for brains now and only has to utter some crazy fucking ass phrase to seed a crazy fucking password in the solid-state gene-erator cuz they've gone fucking goddam crazy over that motherfuckin' chip in their ass and brain.

    Crazy fucking luser. Crazy fucking assword. Crazy fuckin' whirled up world.

    The above is the 1.0 tourettes pack, silver. Stainless-fucking-steel adds an additional language pack...

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  25. Salt it by kauttapiste · · Score: 2, Funny

    > Use no password that any other human being has ever used, or is ever likely to use, for any purpose.

    I'd take that advice with a pinch of salt. :-)

  26. Re:Salt by ArsenneLupin · · Score: 2, Funny

    > Pretzels missing that unique flail? Salting solves it!

    Crazy madman bombing your country/taking away your freedoms? Pretzels solve it!