Security The Internet

New Online MD5 Hash Database 295

Gravix writes with a shameless plug for his new site "Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!" Shameless plug aside, the site still seems worth a closer look.
  • quick (Score:5, Funny)

    by Lehk228 ( 705449 ) on Sunday August 21, 2005 @11:42PM (#13369667) Journal
    Quick! everybody go test your password security by sending it to a random web site
    • Re:quick (Score:2, Interesting)

      by qaq ( 908831 )
      Y it's so unsecure because there is this public database of IPs available so they won't have to try many hosts to find the one with your password.
      • Re:quick (Score:3, Informative)

        by TheRaven64 ( 641858 )
        It didn't have my password (hash: ae5799ed7235ff7d43a19073c74f4667), which was quite a surprise. It's the deeply insecure password I use for boxes with no remote services enabled (systems in VirtualPC, my Windows laptop) - it's only useful to a local attacker, and they have much easier ways of gaining access.
  • by Anonymous Coward on Sunday August 21, 2005 @11:43PM (#13369673)
    6436a55a08760c5b94dbed4476f83fcd
  • by 5n3ak3rp1mp ( 305814 ) on Sunday August 21, 2005 @11:49PM (#13369688) Homepage
    Does anyone know how to get a hold of a database such as this? As part of our IT auditing I'd like to be able to do a join of our md5-encoded user passwords (no salts or anything) with this to see whose password is insecure... yeah, that's it...
    • by Janitha ( 817744 ) on Monday August 22, 2005 @12:21AM (#13369781) Homepage
      You can create it. Actually, if you had asked that a few months ago, I had 100GB worth of md5 0-8 alpha-ALPHA-num every combination for sale (which I later made free if you sent me DVDs), but I deleted it since no one was much interested and it was much-needed space for other stuff. I used rainbowcrack (http://www.antsight.com/zsl/rainbowcrack [antsight.com]); for some reason the Linux client seems to work much faster than the Windows one (although it made no sense as to why).
    • by bobbozzo ( 622815 ) on Monday August 22, 2005 @12:44AM (#13369843)
      One of the vendors at DefCon this year was selling them.

      Try googling for Rainbow Tables.
    • by pAnkRat ( 639452 ) on Monday August 22, 2005 @05:21AM (#13370450)
      Just out of interest, why would you store the password for a user as (pseudo code follows)

      md5(pw);

      and not

      md5(username + pw);

      Salting the hash with a variable (here: username) helps prevent wide-scale probing with rainbow lists in the event the DB gets "stolen".

      • by Thundersnatch ( 671481 ) on Monday August 22, 2005 @07:04AM (#13370639) Journal

        It's called a password "salt", and many applications use them. It's much better to use a large random value stored in the clear than the username.

        Microsoft, of course, is screwed by the need to provide backward compatibility, and does not salt the (MD4-based) NTLMv2 hash stored on Windows systems. They encrypt the whole hash database instead to prevent offline attacks, but this is ineffective as the decryption key is also "hidden" on the system's disk unless you want to require a diskette/CD/floppy at boot that contains the decryption "syskey".

      • You're absolutely right. Or at least, that's a better alternative.

        Unfortunately, I did not design the system. I would not have designed it that way. I probably would have used SHA-1 too.

        Which is why I'm considering quitting so I actually get to design stuff properly...
  • Hmmm... (Score:5, Insightful)

    by mg2 ( 823681 ) on Sunday August 21, 2005 @11:49PM (#13369690)
    Seems like using salted MD5 hashes would render this kind of stuff totally useless.

    ...You all use salted md5 hashing in your applications, don't you?

    • Re:Hmmm... (Score:5, Funny)

      by FLAGGR ( 800770 ) on Monday August 22, 2005 @12:05AM (#13369736)
      I prefer pepper.
      • Re:Hmmm... (Score:4, Interesting)

        by bsdrawkcab ( 622946 ) on Monday August 22, 2005 @02:15AM (#13370046)
        You jest, but I seem to recall "pepper" being used to describe a related scheme under which the salt is secret and has a relatively small domain (but large enough to make dictionary attacks much harder). The idea was that if you provide the right password, the computer can exhaust the possible pepper values until it gets a match, but the correct value never needs to be stored.

        Sound familiar to anyone else? Anyone know if it's used in practice?
        • Re:Hmmm... (Score:5, Interesting)

          by baadger ( 764884 ) on Monday August 22, 2005 @05:14AM (#13370436)
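          function pepperMatch(password, hash) {
            // md5() is assumed to be a helper returning the hex digest of a string
            var pepper = ['po', '3g', '37', 'ax'];
            // Try each candidate pepper value until one reproduces the stored hash
            for (var i = 0; i < pepper.length; i++) {
              if (md5(pepper[i] + password) == hash)
                return true;
            }
            return false;
          }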

          Beyond the obvious downside to this (4 times the CPU time for legitimate matches) the advantage is obviously that the cracker has 4 times the bruteforcing to do. But if your security has been compromised enough to allow someone to find out this hash then you probably have bigger things to worry about.

          Maybe tricks like these will come into their own once people realise just increasing hash length or changing the function isn't going to make them any more secure when users still aren't using 'good' passwords.

          If you think about it hashing your passwords in a database is almost an admittance either that 1) your database will probably be compromised or 2) your users shouldn't trust you. I wonder if it's possible to grep the likes of MySQL's storage files for MD5 hashes (thereby bypassing the database's authentication)?
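The pepper scheme described in the two comments above, as an added Python example that is not part of either post: the pepper is drawn at random at enrollment, never stored, and recovered at login by trying every value. It combines the pepper with a per-record random salt and uses SHA-256 in place of the thread's md5(); the one-byte pepper size and the function names are assumptions of this example.

```python
import hashlib
import hmac
import os

PEPPER_BYTES = 1                      # assumed size: 256 possible pepper values
PEPPER_SPACE = 256 ** PEPPER_BYTES


def _digest(salt, pepper, password):
    """Hash salt || pepper || password (SHA-256 swapped in for md5)."""
    return hashlib.sha256(salt + pepper + password.encode()).digest()


def enroll(password):
    """Return the record to store: (salt, digest).

    The pepper is chosen at random, used once, and thrown away.
    """
    salt = os.urandom(16)
    pepper = os.urandom(PEPPER_BYTES)
    return salt, _digest(salt, pepper, password)


def verify(password, salt, digest):
    """Exhaust the pepper space until a value reproduces the stored digest.

    Returns (matched, hashes_computed) so the cost of a login is visible.
    """
    tried = 0
    for value in range(PEPPER_SPACE):
        pepper = value.to_bytes(PEPPER_BYTES, "big")
        tried += 1
        if hmac.compare_digest(_digest(salt, pepper, password), digest):
            return True, tried
    return False, tried


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    salt, digest = enroll("correct horse")
    print("right password:", verify("correct horse", salt, digest))
    # A wrong guess always costs the full pepper space, which is the same
    # multiplier an offline dictionary attack pays for every candidate word.
    print("wrong password:", verify("wrong horse", salt, digest))
```

A correct login costs between 1 and 256 hashes here, while every wrong guess costs all 256.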
          • Re:Hmmm... (Score:2, Informative)

            by karmatic ( 776420 )
            > I wonder if it's possible to grep the likes of MySQL's storage files for MD5 hashes (thereby bypassing the database's authentication)?

            Yes, but you need shell access to do it.

          • If you think about it hashing your passwords in a database is almost an admittance either that 1) your database will probably be compromised or 2) your users shouldn't trust you. I wonder if it's possible to grep the likes of MySQL's storage files for MD5 hashes (thereby bypassing the database's authentication)?

            It is mostly 2). Your users shouldn't trust you, nor should you trust yourself, unless "you" is truly a single person. Any system that has users logging into it is probably accessible to multi

          • Re:Hmmm... (Score:3, Informative)

            by stewby18 ( 594952 )

            If you think about it hashing your passwords in a database is almost an admittance [that] your database will probably be compromised

            No, it's a recognition of the fact that it's at least theoretically possible that your database might be compromised at some point in the future. And anyone who isn't an idiot will design their systems in such a way as to minimize the damage that can be caused by a single point of failure. That's not an admission of incompetence, it's plain common sense.

          • Another Reason.... (Score:3, Informative)

            by HopeOS ( 74340 )
            3) the system administrators need reasonable deniability from user's claims of password theft.

            If the user's password is stored in plain text, they can claim that you, the system administrator, have access to it. This increases your liability as the user can now disclaim responsibility for actions taken with that password, on any other system where it is used -- after all, they could have been impersonated, and they can accuse you of being the culprit.

            -Hope
    • Re:Hmmm... (Score:4, Informative)

      by jurt1235 ( 834677 ) on Monday August 22, 2005 @01:29AM (#13369936) Homepage
      MD5 is a hashing method, and of course you can look up the hashes again. It is just a quick and dirty way of encoding your passwords in PHP, or to check if a file is really that file which you were expecting. It is not for real password encryption use.

      Anyway: MD5 hashes over a certain dataset are not unique. Two datasets can result in the same MD5 hash, assuming a fixed hash length. This database could point those out too.

      As last remark: This kind of database use has been done before by chess engines. By just storing most successful board setups, the next moves could be executed more effectively and a lot faster.
    • >You all use salted md5 hashing in your applications, don't you?

      I was just reviewing some popular browser extensions that create site-specific passwords. Click a widget, enter a keysequence or something like that and they fill in a password that's an MD5 hash of the site name concatenated with a master password from the user.

      No salt.

      There are probably blackhats out there who have *memorized* the MD5 of "passwordpaypal.com".
      • by baadger ( 764884 ) on Monday August 22, 2005 @04:26AM (#13370324)
        This is lightly salted.

        "slashdot.org<my password>" will render any generic databases like GData useless for Slashdot password searching. It means someone has to build up a Slashdot specific database using a dictionary first. That is all a salt is really for, to inconvenience a dictionary attack.

        "slashdot.orgbaadger<my password>" (<site><username><password>) would be better as it means the cracker has to build a database specific to slashdot and my username.

        So yes these passwords are salted, using the domain just saves the plugin having to save random salts somewhere.
        • Furthermore salts do not have to be large, random or kept local, as you said in sister post. Provided the cracker has to generate a new hash dictionary it has achieved its task and this means if your salt doesn't make your plaintext another plaintext that's found in the cracker's database, it has achieved its goal.

          Secret, long and random salts known to both sides and never transmitted will produce a MAC.
        • They aren't trying to find your password, just find something that has the same MD5. If kf9fqufccqhtqrthcferhwughw has the same hash as slashdot.orgbaadgerlolhy, I can login with either and slashdot won't care. Granted, it will stop a dictionary attack, but your password shouldn't be that weak anyways.
          • But you missed the point that we are assuming the cracker knows H(slashdot.orgbaadgerpassword) not H(password). If slashcode adds the "slashdot.orgbaadger" prefix before applying the hash for matching then the generic dictionary attack is useless.
    • Most Linux distros that use MD5 salt the hashes in /etc/passwd or LDAP.
      • Most Linux distros that use MD5 salt the hashes in /etc/passwd or LDAP.

        Nobody puts passwords in /etc/passwd any more. They go in /etc/shadow.

        Alternatives exist (Kerberos, Samba, LDAP) but they're nowhere near as widespread.
    • Re:Hmmm... (Score:2, Funny)

      by Anonymous Coward
      OMG then we would just make a database of salted md5 hashes!! YOU CAN'T WIN VERSUS THE HAX0RS.
    • by Paul Crowley ( 837 ) on Monday August 22, 2005 @02:18AM (#13370056) Homepage Journal
      Actually I have seen many applications that fail to salt passwords before hashing them; it's depressing. Salt should be long enough to be globally unique when randomly generated. Old-style Unix passwords used a 12-bit salt, which was pathetic; 128 bits would be plenty.

      In addition, it's best to iterate the hash many times, which slows down dictionary attacks. See Kelsey, Schneier et al, "Secure Applications of Low-Entropy Keys":

      http://www.schneier.com/paper-low-entropy.html [schneier.com]

      The proofs in that paper are based on the assumption that the hash function is collision free, which of course MD5 isn't; another hash function might be preferable.
    • The crypt() function takes two arguments: a key and some salt characters. But the MD5/SHA1 functions I have seen only take one argument. So how do you salt an MD5/SHA1 hash? Is it enough to do md5 (username . password)?
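The salting and iteration advice in this thread (a random salt of about 128 bits stored in the clear, with the hash iterated many times), as an added Python example that is not part of any comment: a precomputed MD5 table resolves unsalted hashes, while salted records force a separate, slower table per salt. The wordlist, user names, passwords, iteration count and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 stands in for the iterated hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this example
WORDLIST = ["password", "letmein", "phrack", "dragon"]  # constructed sample


def build_table(words):
    """Precompute md5(word) -> word, as an online hash database does."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def store_unsalted(password):
    """The weak scheme from the thread: a bare md5(pw)."""
    return hashlib.md5(password.encode()).hexdigest()


def audit_unsalted(user_hashes, table):
    """Join stored md5(pw) values against the table; return the users it resolves."""
    return {u: table[h] for u, h in user_hashes.items() if h in table}


def slow_hash(password, salt):
    """Iterated, salted hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store_salted(password):
    """Return (salt, digest) with a fresh random 128-bit salt stored in the clear."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt), digest)


def build_salted_table(words, salt):
    """A table now has to be rebuilt per salt, at ITERATIONS hashes per word."""
    return {slow_hash(w, salt): w for w in words}


if __name__ == "__main__":
    table = build_table(WORDLIST)
    users = {"alice": store_unsalted("letmein"), "bob": store_unsalted("Xq7#vTz9!rLm")}
    print("resolved by generic table:", audit_unsalted(users, table))

    salt_a, rec_a = store_salted("letmein")
    salt_b, rec_b = store_salted("letmein")  # same password, different user
    per_salt = build_salted_table(WORDLIST, salt_a)
    print("table built for salt A resolves A:", per_salt.get(rec_a))
    print("same table against B:", per_salt.get(rec_b))
    print("login check:", verify_salted("letmein", salt_b, rec_b))
```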
  • by Lord Byron II ( 671689 ) on Sunday August 21, 2005 @11:50PM (#13369697)
    This is fun... watching his hash counter go up. It was at 32 when I first saw it, which means that nearly all of the increase over the next few days can be attributed to the /. effect (assuming he doesn't get posted to some other major site).
    • I think there's some kind of bug in the counter, or the site is being /.'d, with over 65535 or 2^64-1 hits, as I initially saw the counter with a value of around 70, and now when I look at it, the counter had gone DOWN to 30 something, and was on the increase again.
  • by VeryProfessional ( 805174 ) on Sunday August 21, 2005 @11:52PM (#13369702)
    Apart from the fact that this site is somewhat morally questionable, it doesn't seem to work very well. I inserted a number of hashes for common first names and dictionary words, and none of them returned a hit. If the database doesn't even cover common stuff such as this, what is it really good for? Really, 12 million hashes out of a space of 2^128 is truly minuscule.
    • by kasperd ( 592156 ) on Monday August 22, 2005 @12:02AM (#13369729) Homepage Journal
      I inserted a number of hashes for common first names and dictionary words, and none of them returned a hit.

      You wouldn't by any chance be using the md5sum command line utility and typing a newline after the word? I just tried my own name, which turned out to be in the database. Could you give just a few examples of the hash values you submitted, and the word you expected it to return?
      • by VeryProfessional ( 805174 ) on Monday August 22, 2005 @12:09AM (#13369745)

        You wouldn't by any chance be using the md5sum command line utility and typing a newline after the word? I just tried my own name, which turned out to be in the database. Could you give just a few examples of the hash values you submitted, and the word you expected it to return?

        Oops, right you are, that's exactly what I was doing... tried the same words with echo -n and they were in fact in the database.

        /me wipes egg off face

    • It certainly didn't get my passwords, but I was less amused by the popup attempts, for both onLoad and the getFocus event for the text box where you're supposed to type. Certainly felt slimy, no wonder the submitter was happy to try to get his own site slashdotted, the popups for casinos (well I had to see what they were!) no doubt bring in some pocket money.

      It also seems very limited to dictionary words, there's no attempt at some useful things like IP addresses (I've seen a few BBSes who don't publish

    • If you're using md5sum, it helps if you don't include the newline, like this:
      echo -n phrack | md5sum
      returns:

      f6174179c90c0366b99d7a1d91cf6f4a

      Which successfully performs the lookup for me.
  • So what? (Score:5, Informative)

    by kasperd ( 592156 ) on Sunday August 21, 2005 @11:54PM (#13369707) Homepage Journal
    Any system using plain md5 to hash passwords is broken anyway. Include a salt - and any database of hashes will become useless. Besides, if people choose good passwords, they are most likely not in the database. That is already two reasons why people should be protected, do we need any more?

    For many other uses of cryptographic hashes the input is much more than a single word, and typically you don't really worry about keeping the input a secret anyway.
  • MD5 is nice but... (Score:5, Informative)

    by nmb3000 ( 741169 ) on Monday August 22, 2005 @12:25AM (#13369789) Journal
    What would be really nice is to see this grow past a simple MD5 database. If you're going to get traffic, you really should get an NTLM database up and start populating it as soon as possible.

    A few other places have these, in differing amounts. Rainbowcrack [rainbowcrack.com] has tons of them, but requires you to submit some before being allowed to query the system. I did submit a few NTLM hash tables, but it took the better part of a week to get my query back (it's supposed to be a lot faster than that).

    There's also Ophcrack [lasecwww.epfl.ch] which uses tables similar to rainbow tables. It has a web interface to query NTLM hashes for simple passwords.

    With these pre-computed hash tables, basic password security is starting to take a hit and it's becoming more and more worthwhile to use a simple but long password rather than a short and complex one. If you're on Windows, it's also VERY worthwhile to read about forcing Windows to store only the NTLM hash and drop the LM hash [microsoft.com]. It breaks old compatibility with Win 9x but is very worth it if you don't need that. This helps against precomputed attacks but has an even bigger impact against brute-force attacks.
    • GREAT! So now all freaking IT security departments are going to up the minimum password length to like 64 in ADDITION to having to change it every other day, not being able to use the last 1000 passwords you've ever used, and requiring alternating caps, numbers, and punctuation.

      Sure, I'm exaggerating a little, but the amount of time I have to spend on password maintenance is nearly making a line item on my time sheet.
      • Actually, the smartest would be to require diceware passwords with a few simple permutations.
      • It already is a line item, 2.5 days every month.

        Approximately 600 systems split between Solaris and AIX, three change management systems (actually 1200 because root gets changed monthly), two VPN solutions and at last count about a dozen different password standards.

        Kind of sucks the will to live right out of you!
    • by Sycraft-fu ( 314770 ) on Monday August 22, 2005 @12:53AM (#13369861)
      To call LM weak would be an understatement. LM takes passwords up to 14 characters in length, fine you think until you realise that the way they did it is to hash 2 7-character strings. This means for any password, you have to crack a max of 7 characters. Oh, and did I mention it's case insensitive?

      There are existing rainbow tables covering basically the entire LM space but, really, you don't need them. A fast dual core chip will crack it in less than a day.

      The parent is correct in that in all cases where you can, you should set Windows to only use NTLM, or better yet NTLMv2. We are (finally) getting to do that at work as we purged the last NT and 98 systems from the domain.
    • by Nailer ( 69468 )
      it's also VERY worthwhile to read about forcing Windows to store only the NTLM hash and drop the LM hash.

      I thought NTLMv2 was MD4, which is still broken according to its inventors?
  • Pointless. (Score:3, Insightful)

    by Randseed ( 132501 ) on Monday August 22, 2005 @12:38AM (#13369827)
    I generated a PHP script that does password managing a couple of weeks ago, and even I used a SALT in the process. I suppose that this is useful if you come across a site so horribly broken as to not use a SALT, or if you know the SALT ahead of time somehow. (Not hard to do the latter, really.)

    All in all, this is another ho-hum kind of story.

  • Advantages (Score:5, Funny)

    by Elitist_Phoenix ( 808424 ) on Monday August 22, 2005 @12:44AM (#13369844)
    What advantages does this database have over say a Cray supercomputer, which I could also afford.
  • With this database suddenly all files are compressible to 32 bytes. A 1440 Kb floppy disk can store 46080 MD5 hashes. If each hash represents a file that is on average 10 Mb, the floppy disk can store 461 Gb on average.

    This is quite useful for archival purposes.

    The whole idea of information versus random noise is really apparent when you compare which MD5 hashes have personal significance to the set of all possible hashes.
    • by Anonymous Coward
      MD5 hashes aren't unique. There are around 2^105 (around 10^32, or 10 decillion) 10 MB files with the hash '498b4ddc9f957eca6473923163dd117f', for example. There's also a five-letter word that coincidentally hashes to that value AND describes you, but you can find it yourself.
    • by Anonymous Coward
      It's kind of strange how the moderation of a post can change its meaning. I was reading the parent post when it was modded "+5 interesting". I thought it was a crock, as everyone knows that since hashes have collisions, they cannot be used for lossless (or practical lossy) compression.

      Anyway, I pressed Reload to see if there were any new posts, and stumbled upon the parent again, now moderated "+5 funny". My first thoughts were "what a subtle parody....wait a minute, this looks familiar".
    • by mlush ( 620447 ) on Monday August 22, 2005 @04:39AM (#13370352)
      With this database suddenly all files are compressible to 32 bytes. A 1440 Kb floppy disk can store 46080 MD5 hashes. If each hash represents a file that is on average 10 Mb, the floppy disk can store 461 Gb on average.

      You're missing a trick... you could reduce the file of MD5 hashes with MD5, write it down and carry 461 Gb on a postit note!

    • Yes, and like many other archiving solutions, backup works great but restore is "problematic"...

    • Pi is better. (Score:3, Interesting)

      An infinite, non-repeating number must contain ALL possible data, right?

      --Including next week's winning lottery numbers, a picture of your face, blueprints to your house, your brain, and a nice little faster-than-light getaway vehicle and the formula for its shocking-pink meteorite-resistant paint.

      It's just a matter of finding the right sequences. Or building a device which can find those sequences for you upon request. --I call such a device an, "Infinity Box".


      -FL

    • Bad time to find out that the changeset you just sent, compressed, to your boss has the same hash as goatse.cx.
  • Trojan alert (Score:5, Informative)

    by Anonymous Coward on Monday August 22, 2005 @02:18AM (#13370057)
    Visiting this site (md5 one) resulted in pop-ups which were loaded with the StartPage Trojan which fortunately F-Secure spotted.
  • but as previously pointed out, with a few minor additions (as to which it depends on whether you prefer salt or pepper :p) to the procedure, this database becomes a minor security concern.
  • I threw this together in all of 5 seconds. http://www.cif.rochester.edu/~trevdak/md5.php [rochester.edu]
  • Interestingly... (Score:3, Interesting)

    by hajejan ( 549838 ) <hajejan@noSPam.kamps.org> on Monday August 22, 2005 @03:37AM (#13370222) Homepage
    Interestingly, do an MD5 hash of 1

    The result is c4ca4238a0b923820dcc509a6f75849b

    Do a google search for that string.

    That results in roughly 2000 hits. That's 2000 people running un-salted hashes...
  • Personally, I'd love to use a password with an MD5 hash that came out something like "FyoMamaSysAdmin"... any tools for generating THAT? :)

    MadCow.
  • Do your bit for the destruction of md5 by adding to the database using this simple script!

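    #! /usr/bin/perl
    # Generate five random passwords with apg and print them separated by ';'
    system 'apg -n 5 > okpasswords';
    open(my $passfile, '<', 'okpasswords') or die "cannot open okpasswords: $!";

    while (my $password = <$passfile>) {
            chomp $password;
            print $password.";";
    }
    close($passfile);
    print "\n";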

    Then just paste 'em in.

    Farewell Md5. Thou hast served us surprisingly well.
