View Single Post
Old 2009-06-23, 14:41   #9
lavalamp
 
lavalamp's Avatar
 
Oct 2007
London, UK

101000100012 Posts
Default

Well for a password hash I wouldn't need to find a word other than Xilman, because if Xilman were the password it would do just fine assuming an algorithm could find it. However, here is an example of two programs, one a simple "Hello, world!" and the other a fake evil hard drive erasing program.
http://www.mscs.dal.ca/~selinger/md5collision/

There is also a program there to generate matching hash programs from an original program.

On this /. post from 2005 (so quite old) some code was posted that can apparently generate MD5 collisions in, "45 minutes on a 1.6 GHz P4." Though I think that it only finds two strings with the same hash, you can't supply a hash and find a string to generate it.

Then of course there's this crypto paper that was referenced in the MD5 wikipedia article, which describes a method to, "decrease the average time of MD5 collision to 31 seconds." But also, "On PC Intel Pentium 4 (3,2 GHz) it is 17 seconds in average."

Then there are the researchers that used a crap load of PS3s to fake a certificate in 3 days.

Rainbow tables are a wonderful thing though:
http://project-rainbowcrack.com/

MD5 rainbow tables can be generated (in a fairly large amount of time), or even downloaded from some places, and then the plaintext Xilman could be determined from the hash rather quickly after that, a matter of seconds in fact. For a determined password cracker using these utilities, it would be feesible to generate and store rainbow tables for all ASCII printable characters up to 8 chars in length which would weigh in at 1 TB. However, from what I understand rainbow tables are a time/space trade-off, so if you wouldn't mind taking an hour or so to crack a password instead of a few seconds, I would think the rainbow tables could be significantly lowered in size and could therefore be generated for longer character passwords.

MD5 is broken in the same way that WEP is broken. OTHER people can defeat them, not me.

I tried breaking WEP at home once with BackTrack, but I was somewhat hampered by two key problems, my inability to do anything useful in Linux and also my complete unfamiliarity with any of the tools, therefore I was unable to make any progress. I should mention that it was my own WEP "secured" network, not a neighbours, and when I finally gave up, I configured it back to WPA again.
lavalamp is offline   Reply With Quote