MD5 Brute Force Attack



  • I've just finished working on a system that requires MD5 password hashes to be sent via email (PDF forms, long story).  I found this little gem; if you google an MD5 hash, you get the password.

     For instance: "secret", becomes "<font face="Courier" size="+1"><font color="#006600">5ebe2294ecd0e0f08eab7690d2a6ee69"</font></font>

    And when we Google it... 

     

     

    <font face="Courier" size="+1"><font color="#006600"></font></font>
     



  • ~$ echo "secret" | md5
    dd02c7c2232759874e1c205587017bed

    strange...





  • @m0ffx said:

    ~$ echo "secret" | md5
    dd02c7c2232759874e1c205587017bed

    strange...

     

    Not strange at all... You're including the newline.

     

    ~$ echo -n secret | md5

    5ebe2294ecd0e0f08eab7690d2a6ee69 



  • Did you want salt or pepper with your MD5 hashes?



  • Hope that website has fun! I make there about 4 x 10^38 md5 hashes. Each is 128 bits, ie 16 bytes, and let's assume the same for a limit on password lengths. You'd need 79 billion billion billion 1 terabyte hard drives to store them all. If you stacked them up, it would reach across most of the known universe.



  • @m0ffx said:

    Hope that website has fun! I make there about 4 x 10^38 md5 hashes. Each is 128 bits, ie 16 bytes, and let's assume the same for a limit on password lengths. You'd need 79 billion billion billion 1 terabyte hard drives to store them all. If you stacked them up, it would reach across most of the known universe.

     

    yes nuit usually passwords are not that good...

    8 letter passwords with numbers would result in up to 60^6 hashes  .. about 5 * 10^10 hashes * 32 byte .. makes hmm 1.5 TiB ... no problem there?



  • @Quicksilver said:

    yes nuit usually passwords are not that good...

    8 letter passwords with numbers would result in up to 60^6 hashes  .. about 5 * 10^10 hashes * 32 byte .. makes hmm 1.5 TiB ... no problem there?

     I get 62^8 =~ 2,2 *10^14 hashes * 32 bytes makes 6,2 pebibytes... yikes
     



  • Apparently, using Google can be easier and more reliable than fashioning your own dictionary attack.

    --RA 

     



  • <font size="-1">www.md5oogle.com/</font>



  • @sobani said:

     I get 62^8 =~ 2,2 *10^14 hashes * 32 bytes makes 6,2 pebibytes... yikes
     

    But how many Gibibytes?  (I love that word) 



  • @sobani said:

    @Quicksilver said:

    yes nuit usually passwords are not that good...

    8 letter passwords with numbers would result in up to 60^6 hashes  .. about 5 * 10^10 hashes * 32 byte .. makes hmm 1.5 TiB ... no problem there?

     I get 62^8 =~ 2,2 *10^14 hashes * 32 bytes makes 6,2 pebibytes... yikes
     

    sry misttyped 6 letters..

    still md5 is broken so it would probably be easier to calculate the hashcode directly then storing a rainbowtable...

     



  • @m0ffx said:

    Hope that website has fun! I make there about 4 x 10^38 md5 hashes. Each is 128 bits, ie 16 bytes, and let's assume the same for a limit on password lengths. You'd need 79 billion billion billion 1 terabyte hard drives to store them all. If you stacked them up, it would reach across most of the known universe.

    Which is precisely why you use rainbow tables to compress the database down to a few terabytes.

    You can no longer get away with using unsalted hashes. You should now always use a salt that is at least the same length as your hash.



  • @Quicksilver said:

    still md5 is broken so it would probably be easier to calculate the hashcode directly then storing a rainbowtable...

    Where did you get this idea? It's nonsense. You can't do that.

    What you can do is generate two strings of your own that have the same hash, where you get to pick the content of one of them (a second preimage attack). This is of very limited application. It's primarily useful in breaking signature schemes; it's useless against password hashes. 



  • @PJH said:

    Did you want salt or pepper with your MD5 hashes?

    Personally, I like ketchup.  Lots of ketchup.



  • "You should now always use a salt that is at least the same length as your hash."

    Actually, that's not quite right.  You salt the users's password such that the result is longer than 16 characters before converting it to a hash.  When creating the hash, use SHA-2 or Bcrypt rather than md5. Though I suppose salting the hash afterward wouldn't really hurt anything.

    http://www.codinghorror.com/blog/archives/000953.html



  • @jcoehoorn said:

    "You should now always use a salt that is at least the same length as your hash."

    Actually, that's not quite right.

    Actually, it is precisely right. Nothing else results in correct salting. The whole point of the exercise is to ensure that the hash has as much entropy as it should have (since rainbow tables, and database attacks in general, are an attack on hashes that are lacking entropy).



  • Came up with a simple solution: we just append a random string to the end of a users password and hash that. 😉



  • @origin_dev said:

    Came up with a simple solution: we just append a random string to the end of a users password and hash that. 😉

    We call that a 'salt'. 



  • @asuffield said:

    @origin_dev said:

    Came up with a simple solution: we just append a random string to the end of a users password and hash that. 😉

    We call that a 'salt'. 

    Aren't salts usually prepended?


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.