MD5 hashing method
Published by Evil Bee Sunday, 29 June 2008 13:36
The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
Rainbow hash cracking
Published by Evil Bee Friday, 27 July 2007 14:29
The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it "strong". The Geekwisdom password strength meter rates it "mediocre".
Why is Ophcrack so fast? Because it uses Rainbow Tables . No, not the kind of rainbows I have as my desktop background. Although those are beautiful, too.
Cracking md5 hashes
Published by Evil Bee Friday, 27 July 2007 00:00
This article will give you a good idea how to obtain Access to critical password hashes using your social engineering, and then crack the MD5 hash using Cain
Instead of bothering with CPanel/phpMyAdmin, just go to Google and do a search for "MD5 Hash Generator", choose one, enter a password, generate the hash, and then play around with it as you see fit. These sites are readily available because generating an MD5 hash takes only 1 line of PHP code using md5() (for more info see php.net/md5). There is no need to go to the trouble of using a god-forsaken CPanel + phpMyAdmin combination...
Also, when you get tired of waiting on the brute force to crack the password for you, you should once again consult Google and this time do a search for "MD5 Hash Database", which will give you a very long list of sites that archive collections of known hashes and their corresponding passwords. Why do the work when someone else has already done it for you?
Rainbow tables for password cracking
Published by Evil Bee Thursday, 09 November 2006 00:00
An announcement about a new site offering free 'rainbow tables' on the bugtraq mailing list sparked our interest; what are these tables and what can they be used for? It turns out that rainbow tables are the result of pre-computing various one-way hash functions to facilitate decrypting them. In effect, the right set of tables makes a one-way hash function reversible for certain inputs and the inputs of interest are passwords.