Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Google To Crack MD5 Passwords

Posted by kdawson on Tuesday November 20, 2007 @09:19AM from the secrets-shared-with-the-world dept.

stern writes "A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker's encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think."

1 of 232 comments (clear)

Min score:

Reason:

Sort:

Re:MD5 Lookup Site & Names by Cairnarvon · 2007-11-20 11:03 · Score: 5, Insightful

He didn't write the WordPress software, and presumably doesn't have the time to audit every bit of code it uses.
I doubt Bruce Schneier himself audited the entire Movable Type codebase, which he uses for his blog. Does that make Schneier "not much of a security researcher"?