Online MD5 Cracking Service 401
toast writes "Did you forget your password but have your /etc/shadow? If so, this site is for you. Submit an MD5 hash and within a few days you'll have an answer. Of course, once Slashdot has its way, you'll have to wait a few years for an answer.. At least now I'll always know what f3789b3c1be47758203f9e8a4d8c6a2a means.."
Dictionary attack (Score:5, Interesting)
Re:Dictionary attack (Score:4, Insightful)
I never really looked into exactly how crypt [daimi.au.dk] works, so I can't say for sure if it uses iterated hashing. But in the case of MD5 passwords, it does indeed use a 48 bit salt (8 chars base 64 encoded). So mentioning
Re:Dictionary attack (Score:5, Funny)
See, that's why I have a blank root password...so they spend all that time cracking something that doesn't exist.
Re:Dictionary attack (Score:5, Funny)
I'm not entirely sure what a foob is, but I'm pretty sure we have at least 98 of them here.
Re:Dictionary attack (Score:3, Insightful)
Re:Dictionary attack (Score:4, Interesting)
How much would that help? Presumably everybody submitting a password to have cracked has a different salt, so how much can they help each other? Of course if you want to find the reverse image of a hash value by brute force, it would help to have a lot of machines working on it, and if everybody had a list of all the hashes being searched for, they could help each other. But brute forcing MD5 this way is something that wouldn't be realistic now, maybe in 100 years we will have enough computing power to do that. So some shortcuts must be made, which is why they allow only short passwords using a restricted set of chars. This "service" will only find the password from a small set with 42 bits of entropy, the salt alone has 48 bits of entropy. Probably you could make similar shortcuts even given a salt, but they would have to be aimed at one particular salt.
Re:Dictionary attack (Score:3, Funny)
Re:Things I've always wanted to know about salting (Score:5, Informative)
root:$1$abcdefge$abcd1234efg789hijklmno:0:0:...
You'll notice that the password field (the stuff after the 1st colon, and before the 2nd colon) is itself divided into 3 fields separated by dollar signs. The purposes of these fields are:
1st field - Identifies hashing method. This allows for future changes to how the password is stored while allowing backward compatibility with existing passwords.
2nd field - This contains the salt used to hash the password. In order to verify a new password, this exact salt must be used in the hashing process. Since in this case, it's 8 characters long and each character can be one of 64 values, it means that each possible password may be hashed into one of 2^48 different values. This salt is generated randomly at the time that you set your password. The randomly generated salt is then stored here for use in verifying future authentication attempts.
3rd field - This is the actual hashed password using the salt specified in the previous field. It is 22 characters long, which with base 64 encoding can store 132 bits. Since MD5 only hashes to 128 bits, there are 4 unused bits at the tail end of this value.
Hmmmmmm (Score:5, Insightful)
Re:Hmmmmmm (Score:5, Funny)
you should not worry about it
they just publish it [passcracking.com] on the internet
Re:Hmmmmmm (Score:2, Insightful)
How many people have your MD5 hash? If someone saw an MD5 hash and its associated plaintext password could they attribute it to you or one of your machines? If the answer is "yes", then you have a lot more problems than this website.
Re:Hmmmmmm (Score:5, Informative)
Re:Hmmmmmm (Score:5, Funny)
Re:Hmmmmmm (Score:5, Funny)
Did someone mention sex?
-
Re:Hmmmmmm (Score:3, Funny)
Re:Hmmmmmm (Score:2, Interesting)
Re:Hmmmmmm (Score:2, Informative)
Profit! (Score:5, Funny)
Step 2: Get a bunch of bored slashdotters to post their password hashes, and log their IPs
Step 3: Crack the hashes, keep the passwords
Step 4: h4xx0r!
Re:Hmmmmmm (Score:3, Interesting)
Windows users not left out! (Score:5, Interesting)
A /. 1st? (Score:4, Funny)
Re:A /. 1st? (Score:3, Funny)
Re:A /. 1st? (Score:5, Funny)
Re: (Score:3, Funny)
What it really means (Score:4, Funny)
Processing....
(Three days later)
Processing Complete: Result is 42
Re:What it really means (Score:5, Informative)
"f3789b3c1be47758203f9e8a4d8c6a2a" = "goatse"
So stop submitting it!
Re:What it really means (Score:5, Informative)
$ echo -n goatse | md5sum
f3789b3c1be47758203f9e8a4d8c6a2a -
So parent is right.
Re:What it really means (Score:4, Funny)
Re:What it really means (Score:4, Funny)
Re:What it really means (Score:3, Informative)
if you could get the same hash from two different passwords, then you would have multiple passwords for every user on most Linux/Unix computers. The 42 answer was a joke,
Re:What it really means (Score:4, Informative)
Also, one hash maps to infinitely many unique items. Read up on the pigeonhole principle. The short form is that there are only 2^128 md5 hashes, so if there are more than 2^128 things which can be hashed (and there are) then more than one of those will map onto the same md5 hash. Granted, at least one of the passwords will have to be longer than 16 bytes and it'll be likely to have non-printable or high-ASCII/UTF-8/whatever garbage in it, but it's still possible.
(And, the converse is that no matter how long your password is, there'll always be a 16-character string which is equivalent to it.)
Passwords (Score:2, Funny)
Re:Passwords (Score:4, Informative)
Remember: Don't Panic!
-Mind
Um....couldn't you just change it yourself? (Score:5, Insightful)
I don't know, what would this be useful for? Remote admin tasks perhaps?
Re:Um....couldn't you just change it yourself? (Score:3, Informative)
Re:Um....couldn't you just change it yourself? (Score:2)
Sounds like a faster rescue without the need for a CD.
Have you tried this yourself?
I am curious about filesystems being mounted and such when you do this.
Re:Um....couldn't you just change it yourself? (Score:5, Informative)
Re:Um....couldn't you just change it yourself? (Score:3, Interesting)
Surely just once will flush all data to the hard disk controller buffers, which will then be flushed to the disk surface during the reset that the BIOS will send them during a warm boot?
Re:Um....couldn't you just change it yourself? (Score:3, Informative)
But since I've heard many times that on some systems, the first sync merely schedules dirty pages for writing, while the second sync won't return until the first sync has completed (buffers actually flushed), I've always gone for the safer bet.
Syncing three times is also a popular way of doing it. I've also noticed that the number of syncs I perform before reboot -f'ing correlates to the amount of coffee I've had.
Re:Um....couldn't you just change it yourself? (Score:3, Informative)
Alternately, one could simply count to five or
Too much detail on FreeBSD's reboot habits (Score:3, Interesting)
Now, if only shutdown(8) called sync once, we'd be
Re:Um....couldn't you just change it yourself? (Score:3, Informative)
I have tried it once, and it does in fact work. (Not that I would have needed to try it, I knew it would work).
I am curious about filesystems being mounted and such when you do this.
There is one detail you must remember. The root filesystem is normally mounted read only if you follow the example, so you would have to remount it read/write before trying to change the password. Or you could just add rw to the boot command. Of course you have to type
Re:Um....couldn't you just change it yourself? (Score:4, Funny)
Re:Um....couldn't you just change it yourself? (Score:2)
Re:Even worse... (Score:5, Insightful)
Yes, because knowing the password means that you automatically know the IP address too, right?
Personally, I think it would be better if they released an app that does this.
Yeah, a 47GB app. That'd be a snap to download.
They're using RainbowCrack - the app is no secret.. it's the data tables that make this useful.
Hmm (Score:3, Insightful)
Re:Hmm (Score:5, Insightful)
Joe Bloggs on his shell account isn't going to be able to get it, is he?
Re:Hmm (Score:3, Insightful)
Re:Hmm (Score:2, Insightful)
I'll bet you pay attention to this message on websites:
don't you? The site is neutral, it's the uses that are irresponsible. And a silly disclaimer doesn't change that.
Stop this nonsense (Score:4, Informative)
We offer a similar service (Score:4, Funny)
1. SS#
2. Mother's maiden name
3. Address of the account with the forgotten password
4. ID of the account with the forgotten password
5. MD5 Hash of the forgotten password
Please send all info to The Good Samaritans c/o Nigerian Embassy.
Nothing new. (Score:4, Informative)
Now, distributed md5 cracking would be quite interesting.
Re:Nothing new. (Score:5, Funny)
Re:Nothing new. (Score:3, Funny)
Re:Nothing new. (Score:5, Funny)
Question (Score:4, Interesting)
Re:Question (Score:5, Funny)
Re:Question (Score:2, Insightful)
Re:Question (Score:2, Informative)
The shadow file contains the login name, the hashed password, and some other stuff that I don't recall. This file is readable by root only.
Re:Question (Score:3, Informative)
Re:Question (Score:3, Informative)
If we could rename
Re:Question (Score:3, Funny)
(just kidding)
Umm.. (Score:5, Informative)
If your password is under 8 characters and contains only lowercase letters and digits, you deserve to be cracked.
If you use a proper password, then you have nothing to fear from this "service"
Re:Umm.. (Score:3, Insightful)
If your password is under 8 characters and contains only lowercase letters and digits, you deserve to be cracked. If you use a proper password, then you have nothing to fear from this "service"
Why am I so vulnerable if I don't have > 8 character passwords? Only root can look at
Re:Umm.. (Score:3, Informative)
Anything > 8 takes long enough to crack for it to be somewhat secure.
Re:Umm.. (Score:3, Informative)
What he's neglected to consider is that his password hash might be revealed by an exploit that can only read files as root, but not make modifications, thus enabling a crack which allows someone to log in with full access. E.g., an 'htpasswd' file inside a public web directory on which some dull admin had failed to ensure couldn't be accessed by an i
Re:Umm.. (Score:4, Interesting)
'scuse me? (Score:4, Insightful)
1) Get the admin to change it for you.
or, if you've lost the root password
2) Boot through some external method (generally from CD or network) and change your password that way.
Admins should keep the shadow file safe from malicious access, but this is giving it to a 3rd party... bad juju.
How much use? (Score:3, Interesting)
a-z;0-9 [8]
This just seems sorta pointless. Many people are complaining about you getting a password for someone else's stuff -- but if they put a capital letter, or any sort of special character, they're safe from this attack. Is there a reason that they didn't add capital letters into the algorithm?
Re:How much use? (Score:4, Informative)
possible answer: (Score:5, Funny)
. . . not just you . . . (Score:4, Insightful)
A quick check of hashes pending results shows that not only will you know, but also the 52 dronelike /.ers who submitted the same hash.
Tip: Change your password.
why? (Score:2, Interesting)
Interesting... (Score:3, Interesting)
This project is using RainbowCrack [antsight.com] technology
Heading on over to the RainbowCrack [antsight.com] page, we find (at the bottom):
Contact Information
Zhu Shuanglei shuanglei[at]hotmail.com
Member of Kingnet Security, Inc.
Shanghai, China
Re:Interesting... (Score:4, Funny)
It will be a cold day in Hell before I hand my
Thank you so very much for enlightening me and the rest of
Re:Interesting... (Score:3, Funny)
hash (Score:4, Funny)
Brute force search (Score:5, Informative)
Stop yammering about your passwords, folks (Score:5, Informative)
Re:Stop yammering about your passwords, folks (Score:3, Funny)
a simple solution- use a salt (Score:4, Informative)
Not to mention adding in special chars and uppercase letters, which would increase the database by 600 fold, assuming it's linear...
If this works, your password is not strong enough. (Score:3, Insightful)
I purchase old computers all the time (where old is relative of course) often with passworded logins, or -always- the owner forgot the root password. Every OS I've come across with has had a way to get past the password protection -IF YOU HAVE PHYSICAL ACCESS-
Now if you lose your login on your unix machine that you have remote access to only, contact whoever hosts it, have -them- break it open for you. If they don't know how... question their admin-fu.
A short range MD5 cracker. Neat tho, but nothing more than brute force no?
It gives one pause... (Score:5, Interesting)
More to the point, consider "cracking" passwords in this manner:
The NSA has been reported to have ACRES of computer space; their own chip fab and some of the fastest computers in the world.
What if, decades ago, they just dedicated banks of systems to cracking all possible passwords hashed with crypt. Then, a few years later, did the same thing with MD5, SHA-1, and Blowfish -- as each became available.
They store all this stuff in a table, and now getting passwords to most systems is nothing more than a quick table lookup.
Yes, I know the math. However, add in a bit of psychology and statistics.
Most people don't use characters you can't type on a keyboard for a password. VERY few do ALT-nnn or something like that. Most are going to be pure alpha, or alphanumeric. Some will contain special characters.
Meaning, you don't have to exhaust the entire 8-bit character space to get the vast majority of what you're looking for.
Is it really a surprise that something like this is starting to be possible on consumer systems?
Heck, imagine a beowulf cluster dedicated to this...
Re:It gives one pause... (Score:3, Informative)
Approximately 30 cpu cycles per byte, rounded up to a block size of 16 bytes, I think. That's assuming you can't vectorize the operations easily. That suggests that an average consumer system could generate the table for this project in approximately a week. Vectorize that correctly and you can probably halve it.
Re:It gives one pause... (Score:3, Insightful)
As should be obvious, a table lookup through a few terabytes of data isn't all that quick.
That's what this is all about. Rainbow crack, which is what the original post's site is using, is a faster way to look things up in tables. So when they say it works for anything a-z,0-9, then they mean that they have precalculated all those passwords (up to 8 chars) and what you are in fact doing
How it works (Score:5, Informative)
It is a time-memory tradeoff. They come up with a "reduction function" R, which maps hashes into keys. It is not a reversal of the md5 algorithm, it just generates some key based on the hash. Then they create sequences of hash, key, hash, key, hash, key... with each key being the reduction function applied to the previous hash, and each hash being the hash function applied to the previous key. They stop their sequences when they reach "distinguished values," which may e.g. have 0's for the first 12 bits. Then they store the start and endpoints of the sequence.
So now they have a list of start and endpoints for these chains of hashes and keys. To crack a hash, they apply the same process to it - reduction function, hash, reduction function, hash, until they reach a value that is in their table of endpoints. Then they begin at the startpoint associated with that endpoint, and regenerate the sequence up to the hash they're trying to crack. Since the key directly before that hash hashes to that hash, they've successfully cracked the hash.
The "rainbow" refers to the recent innovation of using a different reduction function for each step of the sequence, i.e. using R1 on the first hash, R2 on the second, etc. This means that, even if two sequences contain the same hash, they probably won't be exactly the same after that - a significant problem with the older method of having a single reduction function.
If you want to read about this in more detail with math symbols and such, the pdf is linked from the site.
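The chain building and lookup described in the comment above, as an added Python example (not part of the original comment and not RainbowCrack's code). It assumes a toy keyspace of three characters from a-z0-9, fixed-length chains rather than distinguished-value endpoints, and a simplified salt of md5(salt + key); every function name is made up for the example. It also shows the salt point raised elsewhere in the thread: a table built without the salt finds nothing for a salted hash.

```python
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"  # a-z, 0-9, as in the thread
KEY_LEN = 3      # assumption: tiny keyspace (36^3 keys) so the demo runs in seconds
CHAIN_LEN = 50   # assumption: fixed number of hash/reduce steps per chain
KEYSPACE = len(CHARSET) ** KEY_LEN

def md5_hex(key, salt=""):
    # Simplified salting for illustration: md5(salt + key), not the real $1$ crypt.
    return hashlib.md5((salt + key).encode()).hexdigest()

def index_to_key(i):
    """Map an integer in [0, KEYSPACE) to a KEY_LEN-character key."""
    chars = []
    for _ in range(KEY_LEN):
        i, r = divmod(i, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def reduce_hash(digest, column):
    """R_column: map a hash to some key; adding the column makes every step differ."""
    return index_to_key((int(digest, 16) + column) % KEYSPACE)

def chain_keys(start, salt=""):
    """Keys of one chain: k0 = start, k(i+1) = R_i(md5(k_i)); the last is the endpoint."""
    keys = [start]
    for col in range(CHAIN_LEN):
        keys.append(reduce_hash(md5_hex(keys[-1], salt), col))
    return keys

def build_table(starts, salt=""):
    """Keep only endpoint -> [start points]; the middle of each chain is thrown away."""
    table = {}
    for start in starts:
        table.setdefault(chain_keys(start, salt)[-1], []).append(start)
    return table

def lookup(table, target, salt=""):
    """Return a key whose hash equals target, or None if no stored chain covers it."""
    for col in range(CHAIN_LEN - 1, -1, -1):   # guess the column target sits in
        key = reduce_hash(target, col)
        for c in range(col + 1, CHAIN_LEN):    # walk on to the would-be endpoint
            key = reduce_hash(md5_hex(key, salt), c)
        for start in table.get(key, []):       # endpoint hit: replay from the start
            candidate = chain_keys(start, salt)[col]
            if md5_hex(candidate, salt) == target:
                return candidate               # a mismatch here is a false alarm
    return None

def demo_starts(count=500):
    """Evenly spaced start points (constructed for the demo)."""
    return [index_to_key(i * KEYSPACE // count) for i in range(count)]

if __name__ == "__main__":
    starts = demo_starts()
    table = build_table(starts)
    secret = chain_keys(starts[7])[20]         # a key that lies inside a stored chain
    print(len(table), "endpoints stored for a keyspace of", KEYSPACE)
    print("unsalted hash:", lookup(table, md5_hex(secret)))
    print("salted hash, unsalted table:", lookup(table, md5_hex(secret, "xy")))
```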
Imagine if this was spaceballs with a twist (Score:5, Funny)
HELMET 827ccb.
SANDURZ 827ccb. (writes)
ROLAND 0eea8a.
HELMET 0eea8a.
SANDURZ 0eea8a. (writes)
ROLAND 706c4c.
HELMET 706c4c.
SANDURZ 706c4c (writes)
ROLAND 34a1689.
HELMET 34a1689.
SANDURZ 34a1689. (writes)
ROLAND (hesitates) 1f84e7b.
HELMET 1f84e7b.
SANDURZ 1f84e7b. (writes)
HELMET So the combination is 827ccb0eea8a706c4c34a16891f84e7b (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing a fucking n00b would have on his Windows box.
827ccb0eea8a706c4c34a16891f84e7b! (Score:3, Funny)
Keepass (Score:3, Informative)
Anyway, time to change up to SHA1 ;)
Slashdot has been used (Score:4, Informative)
17:25 <ge_> !!
17:26 <toast> interesting
17:26 <toast> let's DoS it
17:26 <ge_> hehehehe
17:26 <toast> just write a distributed tool to submit nonsense and keep the queue full
17:26 <ge_> worse
17:26 <ge_> let's slashdot it!
17:27 <toast> haha
17:27 <toast> perfect
or you could just use this... (Score:3, Interesting)
use Digest::MD5;

# Candidate alphabet (the list is truncated after 'L' in the post).
use constant POSSIBLE_CHARS => 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKL';
use constant LAST_POSSIBLE_CHAR => substr(POSSIBLE_CHARS, length(POSSIBLE_CHARS) - 1, 1);
use constant FIRST_POSSIBLE_CHAR => substr(POSSIBLE_CHARS, 0, 1);

print "Digest:\t";
$digest = <STDIN>;
chomp($digest);
$digest = lc($digest);    # hexdigest() returns lowercase hex

$ctx = Digest::MD5->new;
print "Beginning to decrypt...\n";
$start_time = time();

# Hash the first candidate before the loop so that it is not skipped.
$current_string = FIRST_POSSIBLE_CHAR;
$ctx->add($current_string);
$attempt = $ctx->hexdigest();
$attempts = 1;

# Try every string in order until one hashes to the requested digest.
while ($digest ne $attempt)
{
    $current_string = next_string($current_string);
    $attempts++;
    $ctx->reset();
    $ctx->add($current_string);
    $attempt = $ctx->hexdigest();
}
$end_time = time();

print "String decrypted...\n";
print "String = '$current_string'\t\t\tHash = $attempt\n";

# Break the elapsed seconds down into days, hours, minutes and seconds.
$time_to_complete = $end_time - $start_time;
$seconds = $time_to_complete % 60;
$time_to_complete = ($time_to_complete - $seconds) / 60;
$minutes = $time_to_complete % 60;
$time_to_complete = ($time_to_complete - $minutes) / 60;
$hours = $time_to_complete % 24;
$time_to_complete = ($time_to_complete - $hours) / 24;
$days = $time_to_complete % 7;

# Zero-pad each unit to two digits.
foreach $unit (($seconds, $minutes, $hours))
{
    if ($unit < 10) { $unit = '0' . $unit; }
}
print "String found in $days days, $hours:$minutes:$seconds\t\t\t$attempts cycles\n";

# Return the string that follows $string in the enumeration order.
sub next_string
{
    ($string) = @_;
    $last_char_of_string = substr($string, length($string) - 1, 1);
    unless ($last_char_of_string eq LAST_POSSIBLE_CHAR)
    {
        # Advance the last character to the next one in the alphabet.
        substr($string, length($string) - 1, 1, substr(POSSIBLE_CHARS, (rindex(POSSIBLE_CHARS, $last_char_of_string) + 1), 1));
        return $string;
    }
    else
    {
        if ((length($string) == 1) && ($string eq LAST_POSSIBLE_CHAR))
        {
            # Every position has wrapped around: grow the string by one character.
            return FIRST_POSSIBLE_CHAR . FIRST_POSSIBLE_CHAR;
        }
        else
        {
            # Carry into the prefix and reset the last character.
            return next_string(substr($string, 0, length($string) - 1)) . FIRST_POSSIBLE_CHAR;
        }
    }
}
Re:Thanks a lot! (Score:2, Informative)
Re:Load of Crap... (Score:3, Insightful)
But then why wouldn't that be good enough?
Re:Load of Crap... (Score:2)
That's good enough for comparing encrypted passwords.
Re:Load of Crap... (Score:2)
Re:Load of Crap... (Score:5, Informative)
You are mistaken, sir. A combo that produces the same hash is indeed the right answer.
This is something most people never think about. You actually could have several passwds that work for a given account...anything that hashes to the same thing is a working passwd.
Re:Load of Crap... (Score:3, Interesting)
Another neat example of this principle at work is the soundex [wikipedia.org] hash function, which was designed for the US Census to look up names. It encodes a name such as Johnson as an alphanumerical code J525. Other, similar names, such as Jonsson, Joganson and even Jamieson and Jenkins are converted to J525 as well. In this way, even if peo
Re:MD5 vs SHA-1 (Score:2, Informative)
Re:MD5 vs SHA-1 (Score:5, Interesting)
Don't count on it. When you create an executable it is easy to put 17 bytes somewhere, that is really not used for anything. After this has been done just start searching for a combination of those 17 bytes that produce the expected hash. It is very likely that more than one choice will exist. Of course this would take too much time.
It is easier to produce a collision. Create two executables, and instead of the 17 bytes from before just leave 9 unused bytes in each file. Then try all choices for each of the two files, and sort the results to find your collision. 2*256^9 is way smaller than 256^17. Of course even this is still infeasible. But it will be possible in a few (50) years. Using SHA1 is a bit better, but it will only take about 100000 times as much CPU time to find a SHA1 collision as an MD5 collision. Which means the computer to do it will be available about 25 years later than the one to find an MD5 collision (assuming Moore's law still holds).
Re:Debian Security? (Score:3, Informative)
The only thing that makes this remotely feasible is the limited character set and the length limit, which puts the total possible combinations it looks through at about 2.9 trillion. If they were to use uppercase letters as well, the total numbe