Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Google To Crack MD5 Passwords

Posted by kdawson on from the secrets-shared-with-the-world dept.

stern writes "A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker's encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think."

35 of 232 comments (clear)

  1. Salt by porneL · · Score: 5, Informative

    No, the conclusion is you should always use salted hashes.

    1. Re:Salt by eln · · Score: 4, Funny

      I agree. Also, fry them in bacon fat and add pepper.

    2. Re:Salt by Anonymous Coward · · Score: 4, Interesting

      No, the conclusion is you should always use salted hashes. I agree, but this isn't something the user can do. I can't register for a site and say, "I need to remember to use salt!" The site has to implement it and implement it correctly.

      The guy posting was posting from the perspective of the user, not the author of the system. The conclusion from the summary is still accurate since you can't make the assumption that salt is always used. The next best defense is a crazy fucking password.
    3. Re:Salt by eldavojohn · · Score: 5, Funny

      And blackjack ... and hookers. In fact, forget the hashes!

      --
      My work here is dung.
    4. Re:Salt by SevenDigitUID · · Score: 4, Funny

      That's not true. The user can generate a string with something like dd if=/dev/urandom bs=21 count=1|openssl base64 , store that string, and append it the the true password each time the log in. This has exactly the same results as the site correctly implementing salting. So what you are saying is the best defense is to use a crazy fucking password?
    5. Re:Salt by Em+Adespoton · · Score: 4, Insightful

      agree, but this isn't something the user can do. I can't register for a site and say, "I need to remember to use salt!" The site has to implement it and implement it correctly.

      The guy posting was posting from the perspective of the user, not the author of the system. The conclusion from the summary is still accurate since you can't make the assumption that salt is always used. The next best defense is a crazy fucking password.


      This is why my passwords are themselves salted hashes. The likelihood of someone else using my passwords is the same as a regular hash collision, I get to use a separate password for each place one is required, and the hashing mechanism and salt are simple enough for me to keep in my head. End result: infinite number of easily generatable and retrievable passwords that look just like a hashed password when decoded.
    6. Re:Salt by Sangui5 · · Score: 4, Insightful

      Rainbow tables? Salting breaks it.
      Precomupted dictionaries? Salting breaks it.
      Brute force and compare against the whole pw list? Salting breaks it.

      Salting is your friend. Long salts don't cost much, but make many attacks completely infeasible. Unix has been using salted passwords since forever. Yet nthash *still* doesn't include a salt.

    7. Re:Salt by Anonymous Coward · · Score: 5, Funny

      Ice building up on your sidewalk? Salting breaks it.

    8. Re:Salt by Jarjarthejedi · · Score: 4, Funny

      Pretzels missing that unique flail? Salting solves it!
      Need something else to put on those fries? Salt it!
      Need to make your friend's drink taste awful? Salt is the way to go.

      (Somewhere along the line we left the analogy department :P)

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
    9. Re:Salt by Garridan · · Score: 4, Informative

      Because if somebody gets that file, they've got your password. This way, they'll have to hack your brain, as well as your computer, to get at your password.

    10. Re:Salt by maxwell+demon · · Score: 5, Funny

      This is slashdot, we need a bad car analogy too. :P Your car rusting too slowly? Salt solves that! :-)
      --
      The Tao of math: The numbers you can count are not the real numbers.
    11. Re:Salt by csteinle · · Score: 4, Funny

      When a problem comes along, you must salt it.
      Before the cream sits out too long, you must salt it.
      When something's going wrong, you must salt it.

      Now salt it! Salt it good!

    12. Re:Salt by Sangui5 · · Score: 5, Informative

      You're implying that salting on UNIX makes attacking the hash infeasible, this is simply not true.
      Salting doesn't make breaking hashes infeasible, but it makes the attacker work harder, and makes certain highly efficient attacks infeasible.

      There are only 4096 different combinations in the salting algorithm in crypt() will use which a brute forcer can easily iterate.
      And I completely agree that 12 bits of salt is insufficient in a modern world. Which is why MacOS 10.4 and up uses 32 bits of salt, most Linux implementations use 48 bits of salt, and OpenBSD uses (a rather paranoid) 128 bits. Since it doesn't require any more effort from the user, and only a tiny amount of resources, there's no reason not to use a large salt.

      Salting a known algorithm is almost pointless because as I just described salted passwords can be just as easily defeated if you know the mechanism
      If you have the password hashes they you have the salt too. Either way, brute forcing one password is no harder. But it means you have to work harder to do a whole list of passwords, because each password has to be attacked individually.

      Salting also makes precomputation (pre-built dictionaries and rainbow tables) infeasible. Every bit of salt in essence doubles the amount of storage for your precomputation attack. This is (partly) why a fairly effective set of rainbow tables for LANMAN hashes take only 500ish MB, NTLM hashes take 8.5 GB, but even for the old Unix crypt() it would take at least 2 TB. And don't even think about trying any precomputation attacks against OpenBSD; even if the user was stupid and restricted themselves to 5 digit alphanumeric passwords, your rainbow table would consume more storage than exists. Salting makes you attack each password individually, and keeps you from doing any work ahead of time.

      this is why NT doesn't include salt.
      NTLM doesn't include a salt because (1) MS is trying to maintain a semblance of backwards compatibility with some ill-designed challenge response authentication mechanisms, and (2) they haven't learned the lesson that salting is a valuable strategy to make attacking hashes more difficult.

      Also salt was used on UNIX only because when shadow passwords didn't exist the system had to be protected against users that had the same password and could easily read the password file to compare.
      That is one reason why salts were used for old Unix crypt(). The other was to make precomputed dictionary attacks harder, which is still a valid use. Today, the best reason to use a salted hash is to avoid rainbow tables.

      Really, the modern reason to use a salt is to prevent the type of attack the original poster used, and to prevent rainbow table attacks. Both of these are good attack techniques, and salting completely moots them.

  2. MD5 Lookup Site & Names by eldavojohn · · Score: 5, Informative
    For those of you who missed it in the article, the has was:

    20f1aeb7819d7858684c898d1e98c1bb And sure enough, if you read the comments to the blog, there is a site called http://md5.rednoize.com/ that reveals that the hash is "Anthony." So although Google helped, there appears to be resources online for it (if you don't have your own Rainbow Table mega database).

    He could have discovered this if he had used a database complete with names, something I don't think would have been too difficult for him.

    This Google search idea is kind of moot if the user uses some very basic password construction such as what I've commented on before. Also, as the blog mentions, this discussion is worthless if WordPress used salting which is related to nonces used in security engineering. I think that stuff has been around for, what about five years now? Wake up WordPress!
    --
    My work here is dung.
    1. Re:MD5 Lookup Site & Names by joNDoty · · Score: 5, Funny
      Crap. From their "about" page:

      Additionaly everytime when you enter a non-md5 hash string into the search field, the md5 result for that search strings gets stored in our database for future use. Thanks for warning me. I tested to see if my password was in there... it is now!!!
    2. Re:MD5 Lookup Site & Names by Cairnarvon · · Score: 5, Insightful

      He didn't write the WordPress software, and presumably doesn't have the time to audit every bit of code it uses.
      I doubt Bruce Schneier himself audited the entire Movable Type codebase, which he uses for his blog. Does that make Schneier "not much of a security researcher"?

  3. Obligatory by Anonymous Coward · · Score: 5, Funny

    In Soviet Amerika, MD5 passwords crack you.

    1. Re:Obligatory by CrazyJim1 · · Score: 5, Funny

      What about the flip side: Using Crack to Google MD5 passwords?

      --
      God spoke to me.
  4. I wouldn't be too alarmed. by morgan_greywolf · · Score: 5, Informative

    Most MD5 password hashes, such as those used in *nix, are salted, and hence secure from this sort of vulnerability. That Wordpress uses unsalted MD5 sums to store passwords boggles my mind. It shows that the developers know even less about cryptography than I do. That's scary.

    --
    My blog
    1. Re:I wouldn't be too alarmed. by SevenDigitUID · · Score: 5, Funny

      That is totally unfair to the wordpress developers. Just because they don't care doesn't mean they don't understand.

    2. Re:I wouldn't be too alarmed. by cstdenis · · Score: 5, Interesting

      You do realize that most businesses (and therefore most websites you have accounts on) just store passwords plain text because it's easier to do tech support that way. Salted hashes are better than unsalted hashes, but most don't bother hashing at all.

      --
      1984 was not supposed to be an instruction manual.
    3. Re:I wouldn't be too alarmed. by nuzak · · Score: 4, Interesting

      That Wordpress uses unsalted MD5 sums to store passwords boggles my mind. It shows that the developers know even less about cryptography than I do. That's scary.

      Oh it's even better than that. It stores your md5 password in a plain text cookie, and if it receives such a cookie, sets an $already_md5 flag to true that's then passed to wp_login() which then just compares it literally against the unsalted md5 entry.

      <guinness>Brilliant!</guinness>

      --
      Done with slashdot, done with nerds, getting a life.
  5. Dark Helmet by Nate+Fox · · Score: 4, Funny

    So the combination is 827ccb0eea8a706c4c34a16891f84e7b. (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

  6. Let me guess by GroeFaZ · · Score: 5, Funny

    The password was hunter2?

    --
    The grass is always greener on the other side of the light cone.
    1. Re:Let me guess by omnipresentbob · · Score: 5, Funny

      What's with all the stars in your post?

  7. 5 years? by Junta · · Score: 4, Informative

    Try decades! The good old days of Unix even had salts (even if they were just two bytes)

    --
    XML is like violence. If it doesn't solve the problem, use more.
  8. In itself nothing new by owlstead · · Score: 4, Insightful

    But if I ever need to run a hash against a password database, I'll remember this lesson and first perform a Google search. Saves a lot of time and CPU cycles.

    I am already doing this for telephone calls I cannot place. If it's an institution or a person that is calling because of profession, the chances that the telephone is listed somewhere on a (search engine) accessible web page is *very* large.

  9. Re:RTFA by eln · · Score: 5, Funny

    You're correct. You have totally invalidated the points I brought up in my post. Good show.

  10. My uneducated respose would be: by newr00tic · · Score: 4, Funny

    What about the flip side: Using Crack to Google MD5 passwords? 2343e9f361fea282776586d7056025db
    --
    A horse can't be sick, you know, even if he wants to.
  11. on a related note... by sootman · · Score: 4, Interesting
    ... I wish Google would collect/show/use checksums of files in search results. It would be a great way to find identical files.* Thousands of uses:
    • I found this file on my computer and I forgot where it came from.
    • I downloaded this file but I forget where I got it. It's too big to email so I would like to send a friend a link to the original file.
    • I want to see if anyone has taken this pic from my site and posted it elsewhere.
    • This download is taking FOREVER. Is anyone else hosting this exact file?
    and many, many more. I had this idea years ago and sent it in to them but haven't heard anything since. I don't want any credit**, just implement it and let me know when it's up and running! And the funny thing is, I'm sure Google is already checksumming every file as part of how they do all their magic. All they have to do is post the data!

    * and, since collisions are possible, it would provide a nice corpus to study collisions, etc. in the real world.

    ** this isn't an entirely original idea. Linux distros have been posting checksums for years as a way to let users verify that their downloads were not corrupted; as a bonus, I (and I'm sure some others) have done searches of those values to find sites hosting that particular release.
    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  12. Man, I need to change my password NOW. by fo0bar · · Score: 4, Funny

    Results 1 - 10 of about 101,000 for d41d8cd98f00b204e9800998ecf8427e. (0.04 seconds)

  13. Re:Credibility? by dgym · · Score: 4, Informative

    Your strings have newlines in them, maybe you meant:
    echo -n happy | md5sum

    most password fields don't accept newlines, so trying without them:
    3e652df0f1332cfc9df779d49667defc - still nothing
    99b1ff8f11781541f7f89f9bd41c4a17 - still nothing
    e99a18c428cb38d5f260853678922e03 - abc123
    fd03204cfdc557b0f0d134773ae6fff5 - obscure, it finds a flash app on a site called pickles and things
    56ab24c15b72a457069c5ea42fcfc640 - happy

    So it is still not that much of a problem, but at least happy is on the list.
    I wonder if negative outlook words are more or less secure?

  14. Re:french bitch by maxwell+demon · · Score: 4, Insightful

    I just hate douche bags who can't spell. Spelling errors can make your password more secure!
    --
    The Tao of math: The numbers you can count are not the real numbers.
  15. Re:Credibility? by neonsignal · · Score: 5, Funny

    I looked these up on google, and they directed me to some slashdot page...

  16. Re:Salt.. .so then develop by davidsyes · · Score: 4, Funny

    a rad ass custom mod chip that the user injects into the cerebral cortex and obdulla loongggatta and up down undah. The user then develops Tourettes Syndrome out the ass and has shit for brains now and only has to utter some crazy fucking ass phrase to seed a crazy fucking password in the solid-state gene-erator cuz they've gone fucking goddam crazy over that motherfuckin' chip in their ass and brain.

    Crazy fucking luser. Crazy fucking assword. Crazy fuckin' whirled up world.

    The above is the 1.0 tourettes pack, silver. Stainless-fucking-steel adds an additional language pack...

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"