|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Valdis.Kletnieks
vt.edu
Date: Wed Feb 03 2010 - 15:26:42 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:
> i find some sites which says that they can brute md5 hashes and WPA dumps
> for 1 or 2 days.
Given enough hardware and a specified md5 hash, one could at least
hypothetically find an input text that generated that hash. However, that
may or may not be as useful as one thinks, as you wouldn't have control over
what the text actually *was*. It would suck if you were trying to crack
a password, and got the one that was only 14 binary bytes long rather than
the one that was 45 printable characters long. ;)
Having said that, it would take one heck of a botnet to brute-force an MD5 has
in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5 would
take on the order of 10**22 years. If all 140 million zombied computers on the
internet were trying 1 billion keys per second, that drops it down to 10**16
years or so - or about 10,000 times the universe has been around already.
I suspect they're actually doing a dictionary attack, which has a good chance
of succeeding in a day or two.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFLaeoScC3lWbTT17ARApNuAKCKWbBa85qu+RBfK5Lxn+zDJjbk7ACeOC7c
wXpeGXU6NfMwg5DDJRaTl2o=
=iQYR
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]