[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] MD5 hash cracking service
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] MD5 hash cracking service
- From: "Gregory A. Gilliss" <ggilliss@xxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Jul 2004 13:22:31 -0700
Interesting, since MD5 hashes are supposed to be "one way", are they not?
I've often discussed setting up an "online cracking service" (think Alex
Moffet's crack seriously networked a la Beowulf with a Web interface).
Aside from the technical challenges of setting up and maintaining such
a project, the obvious issue, from a security perspective, would be trust.
For example, if I know that Alice connected from 12.3.4.5 and supplied
a hash/password, and I retained the unencrypted hash/password, would I
not now (potentially) have access to "something" (maybe accessible, maybe
privileged, maybe not) at 12.3.4.5?
Still, bravo to you for setting it up :-)
G
On or about 2004.07.01 19:03:33 +0000, md5er (info@xxxxxxxxxxxxxxxx) said:
> I've set up a quick website and system to crack md5 hashes online using
> Rainbow tables. The project is using RainbowCrack and currently ~47 Gb of
> tables. At the moment it can crack hashes of lowercase letters and/or numbers
> up to 8 characters long.
>
> The cracking service is free
>
> If you are interested you can check out the site here: http://passcracking.com
>
>
>
> Regards,
>
> staff
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Gregory A. Gilliss, CISSP E-mail: greg@xxxxxxxxxxx
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html