|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] MD5 hash cracking service
From: Gregory A. Gilliss (ggilliss
netpublishing.com)
Date: Thu Jul 01 2004 - 15:22:31 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Interesting, since MD5 hashes are supposed to be "one way", are they not?
I've often discussed setting up an "online cracking service" (think Alex
Moffet's crack seriously networked a la Beowulf with a Web interface).
Aside from the technical challenges of setting up and maintaining such
a project, the obvious issue, from a security perspective, would be trust.
For example, if I know that Alice connected from 12.3.4.5 and supplied
a hash/password, and I retained the unencrypted hash/password, would I
not now (potentially) have access to "something" (maybe accessible, maybe
privileged, maybe not) at 12.3.4.5?
Still, bravo to you for setting it up :-)
G
On or about 2004.07.01 19:03:33 +0000, md5er (infopasscracking.com) said:
> I've set up a quick website and system to crack md5 hashes online using Rainbow tables. The project is using RainbowCrack and currently ~47 Gb of tables. At the moment it can crack hashes of lowercase letters and/or numbers up to 8 characters long.
>
> The cracking service is free
>
> If you are interested you can check out the site here: http://passcracking.com
>
>
>
> Regards,
>
> staff
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Gregory A. Gilliss, CISSP E-mail: greggilliss.com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]