L4N

Crack MD5 Hashes Online

9 posts in this topic

Info from the site:

Message Digest Algorithm 5, commonly referred to as MD5, is the internet standard in security applications. The algorithm yields a hash consisting of a 32 digit hexadecimal number, allowing for 2^128 unique outputs. There is no way to decrypt an MD5 hash. While there is no way to decrypt an MD5 hash, they can be cracked. An attacker may use a brute force method in an attempt to crack a hash. Brute forcing is when the attacker puts all imaginable combinations of characters through the algorithm and checks the outputs. When an output is generated with the same hash as the original, the attack is finished and the attacker has cracked the hash. NetMD5Crack offers another way for security analyzers to decrypt hashes. We have compiled a database of over 7,000,000 hashes and their plain text. To use our service simply enter a hash into the cracker. Our database will be searched thereafter. If we find a have the hash already then the plain text will be returned, saving you hours of time executing brute force attacks.

Link:

www.NetMD5Crack.com

0

Share this post


Link to post
Share on other sites

7 Million isn't all that much. Just to cover 5 lower-case letters would require 11 million entries. That's without adding capital letters, numbers, or symbols.

Using CUDA, you could compute 110 million of them a second anyways with a low-end GeForce 8800. A more moden GTX 295 can compute 880 million MD5 hashes per second. Or, using your CPU only, you could compute 70 million hashes per second (Core 2 Quad).

Edited by Seal
0

Share this post


Link to post
Share on other sites
7 Million isn't all that much. Just to cover 5 lower-case letters would require 11 million entries. That's without adding capital letters, numbers, or symbols.

Using CUDA, you could compute 110 million of them a second anyways with a low-end GeForce 8800. A more moden GTX 295 can compute 880 million MD5 hashes per second. Or, using your CPU only, you could compute 70 million hashes per second (Core 2 Quad).

This question is probably "googlable", but do you know if one can cluster graphic cards to brute force encryption with CUDA? It would be cool to have a dedicated cracking server with a MoBo stacked with graphic cards..

0

Share this post


Link to post
Share on other sites

Even if it's not possible or feasible to do this in one machine, it's an easily parallelizable task so you could just as easily have two machines with powerful vector processors. A small cluster with really fast CPUs and vector processors could really chew through the keyspace.

Here's an idea of how you can fight this: absurdly large salts. I'm talking gigabyte-sized salts. Actually, it's just occurred to me that that's completely useless. A hash will only have one salt, and that'll be stored in plaintext. Simply compute the hash of the salt, save the state of the MD5 machine and clone it to compute salt + key hashes without having to hash the salt more than once. What are some of the ways you can counter the speed of modern computers?

One way would be designing a hashing algorithm or protocol that takes the most amount of CPU time possible. Most of the time, this will be a small amount of your server's load, so there won't be that much impact on authentication. For any attacker trying to reverse your hashes, it'll slow them down hopefully past the magical 30 day mark. It'll have to be scalable to account for increasing computer speeds as well. Something like how SHA has multiple hash sizes, only not necessarily increase the hash size any, just the amount of time it takes to compute that hash.

0

Share this post


Link to post
Share on other sites

The idea of a repository is sound. The NSA and other intelligence agencies have probably done this. The NSA undoubtedly has specially designed hardware whose only function is to say generate a hash table. In fact there is a reason why certain levels of encryption are not allowed to be exported or even used in this country. It's so NSA can crack it if need be. Most commercially used encryption standards although not "broken" by specially designed hardware is impaired significantly; combine that with mathematical flaws and you have Big Brother snooping at will.

Take MD5 for instance...although like you say it is 2^128 possibilities it is known mathematically that MD5 is only secure for 2^64 possibilities which is *not* secure by today's standards. Like some of you said, you can linked your NVDIA or ATI cards and almost guarantee success over a sample group. That is, by attempting only so far along a group of hashed password accounts. Think of it like like in the old days when you attempted to guess passwords by using the most common words, names, etc.

The reason why MD5 is good for only 2^64 possibilities is that it has been shown that two separate passphrases could generate the same hash. So although the passphrase may be "FindMe" and hashed to look like 3A4D5F (obviously not a real hash) another passphrase like "BiteMe" would be hashed identically, 3A4D5F.

So say, Green Dam for instance, the new Chinese snoop tool for their citizens, it is known to save the passwords in a hash in a given directory. Here you can actually just replace the hash and hack into it, but say it was like Windows which also stores a password in a hash. Well, even though you might not guess the correct password, it doesn't matter because in 2^64 possibilities you will find a phrase that generates the same hash. This will let you in since a the authentication is only comparing hashes. It doesn't understand semantically that they are two different passphrases.

It would be cool if we could set up a "SETI" like program whereby we can link our computer's spare processing and generate a massive hash database. Hmmm...

-----Phail_Saph-----

0

Share this post


Link to post
Share on other sites

7 million hashes? You'd have better luck Googling the hash...

0

Share this post


Link to post
Share on other sites

What a great idea. Lets post our private hashes for the world to see. Genius. :roll:

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now