Slashdot Mirror


Using Google To Crack MD5 Passwords

stern writes "A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker's encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think."

20 of 232 comments (clear)

  1. Obligatory by Anonymous Coward · · Score: 5, Funny

    In Soviet Amerika, MD5 passwords crack you.

    1. Re:Obligatory by CrazyJim1 · · Score: 5, Funny

      What about the flip side: Using Crack to Google MD5 passwords?

  2. Re:Salt by eln · · Score: 4, Funny

    I agree. Also, fry them in bacon fat and add pepper.

  3. Dark Helmet by Nate+Fox · · Score: 4, Funny

    So the combination is 827ccb0eea8a706c4c34a16891f84e7b. (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

  4. Let me guess by GroeFaZ · · Score: 5, Funny

    The password was hunter2?

    --
    The grass is always greener on the other side of the light cone.
    1. Re:Let me guess by omnipresentbob · · Score: 5, Funny

      What's with all the stars in your post?

  5. Re:Salt by eldavojohn · · Score: 5, Funny

    And blackjack ... and hookers. In fact, forget the hashes!

    --
    My work here is dung.
  6. Re:Salt by SevenDigitUID · · Score: 4, Funny

    That's not true. The user can generate a string with something like dd if=/dev/urandom bs=21 count=1|openssl base64 , store that string, and append it the the true password each time the log in. This has exactly the same results as the site correctly implementing salting. So what you are saying is the best defense is to use a crazy fucking password?
  7. Re:I wouldn't be too alarmed. by SevenDigitUID · · Score: 5, Funny

    That is totally unfair to the wordpress developers. Just because they don't care doesn't mean they don't understand.

  8. Re:RTFA by eln · · Score: 5, Funny

    You're correct. You have totally invalidated the points I brought up in my post. Good show.

  9. Re:MD5 Lookup Site & Names by PFAK · · Score: 3, Funny

    He can't be much of a "security researcher" if someone hacked his own website.

    --

    Free means no restrictions, ironic the FSF's GPL forces restrictions, isn't it? What's your definition of free?
  10. My uneducated respose would be: by newr00tic · · Score: 4, Funny

    What about the flip side: Using Crack to Google MD5 passwords? 2343e9f361fea282776586d7056025db
    --
    A horse can't be sick, you know, even if he wants to.
  11. Man, I need to change my password NOW. by fo0bar · · Score: 4, Funny

    Results 1 - 10 of about 101,000 for d41d8cd98f00b204e9800998ecf8427e. (0.04 seconds)

  12. Re:Salt by Anonymous Coward · · Score: 5, Funny

    Ice building up on your sidewalk? Salting breaks it.

  13. Re:Salt by Jarjarthejedi · · Score: 4, Funny

    Pretzels missing that unique flail? Salting solves it!
    Need something else to put on those fries? Salt it!
    Need to make your friend's drink taste awful? Salt is the way to go.

    (Somewhere along the line we left the analogy department :P)

    --
    There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
  14. Re:MD5 Lookup Site & Names by joNDoty · · Score: 5, Funny
    Crap. From their "about" page:

    Additionaly everytime when you enter a non-md5 hash string into the search field, the md5 result for that search strings gets stored in our database for future use. Thanks for warning me. I tested to see if my password was in there... it is now!!!
  15. Re:Salt by maxwell+demon · · Score: 5, Funny

    This is slashdot, we need a bad car analogy too. :P Your car rusting too slowly? Salt solves that! :-)
    --
    The Tao of math: The numbers you can count are not the real numbers.
  16. Re:Salt by csteinle · · Score: 4, Funny

    When a problem comes along, you must salt it.
    Before the cream sits out too long, you must salt it.
    When something's going wrong, you must salt it.

    Now salt it! Salt it good!

  17. Re:Credibility? by neonsignal · · Score: 5, Funny

    I looked these up on google, and they directed me to some slashdot page...

  18. Re:Salt.. .so then develop by davidsyes · · Score: 4, Funny

    a rad ass custom mod chip that the user injects into the cerebral cortex and obdulla loongggatta and up down undah. The user then develops Tourettes Syndrome out the ass and has shit for brains now and only has to utter some crazy fucking ass phrase to seed a crazy fucking password in the solid-state gene-erator cuz they've gone fucking goddam crazy over that motherfuckin' chip in their ass and brain.

    Crazy fucking luser. Crazy fucking assword. Crazy fuckin' whirled up world.

    The above is the 1.0 tourettes pack, silver. Stainless-fucking-steel adds an additional language pack...

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"