Uh, in the sense that they are finally becoming *actually* useful...
On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull <[email protected]> wrote: > seems to be cropping in? > as far as know rainbow tables has been around for years... > > > > ------------------------------ > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Christian > Sciberras > *Sent:* 3. februar 2010 23:02 > *To:* [email protected] > *Cc:* [email protected] > *Subject:* Re: [Full-disclosure] anybody know good service for cracking > md5? > > Actually dictionary attacks seem to work quite well, especially for common > users which typically use dictionary and/or well known passwords (such as > the infamous "password"). > Another idea which seems to be cropping in, is the use of hash tables with > a list of known passwords rather then dictionary approach. > Personally, the hash table one is quite successful, consider that it > targets password groups rather than a load of wild guesses. > > Cheers. > > > > > On Wed, Feb 3, 2010 at 10:26 PM, <[email protected]> wrote: > >> On Wed, 03 Feb 2010 23:42:07 +0300, Alex said: >> >> > i find some sites which says that they can brute md5 hashes and WPA >> dumps >> > for 1 or 2 days. >> >> Given enough hardware and a specified md5 hash, one could at least >> hypothetically find an input text that generated that hash. However, that >> may or may not be as useful as one thinks, as you wouldn't have control >> over >> what the text actually *was*. It would suck if you were trying to crack >> a password, and got the one that was only 14 binary bytes long rather than >> the one that was 45 printable characters long. ;) >> >> Having said that, it would take one heck of a botnet to brute-force an MD5 >> has >> in 1 or 2 days. Given 1 billion keys/second, a true brute force of MD5 >> would >> take on the order of 10**22 years. If all 140 million zombied computers >> on the >> internet were trying 1 billion keys per second, that drops it down to >> 10**16 >> years or so - or about 10,000 times the universe has been around already. >> >> I suspect they're actually doing a dictionary attack, which has a good >> chance >> of succeeding in a day or two. >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
