Slashdot Mirror


Using Google To Crack MD5 Passwords

stern writes "A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker's encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think."

2 of 232 comments

  1. conclusion? by Sloppy · Score: 0, Redundant

    Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think.

    Uh, I thought the conclusion (which the article acknowledges near the beginning as a "preclusion") is to salt before you apply your hash function.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  2. Salt by Aram Fingal · Score: 0, Redundant

    This goes to show the importance of using the technique of adding salt values to passwords before hashing. Also, your salt value shouldn't be a common word (or something which would make a common word or phrase in combination with something people are likely to use in a password).
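
The salting that both comments recommend, as an added example that is not part of the original thread. It shows why an unsalted MD5 digest can be found by exact-match search while a per-user random salt cannot. Assumptions: the word list and `PUBLIC_INDEX` are constructed stand-ins for hashes a search engine has indexed, PBKDF2-HMAC-SHA256 from the Python standard library is used as the salted hash in place of MD5, and the `salt$digest` record format and the iteration count are illustrative choices.

```python
import hashlib
import hmac
import os

# Constructed sample data: stands in for unsalted hashes already indexed publicly.
COMMON_WORDS = ["letmein", "dragon", "sunshine", "password1"]
PUBLIC_INDEX = {hashlib.md5(w.encode()).hexdigest(): w for w in COMMON_WORDS}

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_md5(password):
    """Scheme from the story: the same password gives the same digest on every site."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup(stored_value):
    """Model pasting a stored value into a search box: exact match or nothing."""
    return PUBLIC_INDEX.get(stored_value)


def salted_record(password):
    """Hash with a fresh 16-byte random salt; store the salt beside the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    weak = unsalted_md5("letmein")
    print("unsalted:", weak, "-> lookup finds:", lookup(weak))
    a, b = salted_record("letmein"), salted_record("letmein")
    print("salted, user A:", a)
    print("salted, user B:", b)  # same password, different stored value
    print("lookup on salted digest:", lookup(a.split("$")[1]))
    print("login still works:", verify("letmein", a), verify("letmein", b))
```

Because the salt is random per record, two users with the same password get different stored values, so no single precomputed or indexed digest matches either of them.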