Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 28

Thread: MD5 Can be Decrypted. Unbelievable!

  1. #11
    Join Date
    Dec 2007
    Posts
    123
    Thanks
    17
    Thanked 1 Time in 1 Post

    Default

    oh!


    Thanks for your assistance

  2. #12
    Join Date
    Dec 2007
    Posts
    123
    Thanks
    17
    Thanked 1 Time in 1 Post

    Default

    What if someone makes a bot which does a dictionary attack to crack a 32 bytes of hash. How much time do you think it will take to actually crack that hash?

  3. #13
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Depends. If the hash isn't in the dictionary, it will never be cracked. If it is, then probably only an hour or two on a fast computer — depending on the size of the dictionary, of course. Length doesn't matter with dictionary-based attacks. That's why it's recommended to never use dictionary words as your password (and why you should always add salt to any user-supplied passwords for hashing).
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  4. #14
    Join Date
    Dec 2007
    Posts
    123
    Thanks
    17
    Thanked 1 Time in 1 Post

    Default

    what if its an alphanumeric password and the attack is a brute force attack?

    Then how much time will it take?

  5. #15
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    O(36^n) if there are no capitals — that is, the time taken will be proportionate to the number of possible characters to the power of the length of the password. On a (my) modern PC, calculating the MD5 sums of 36 characters takes about 0.0000742776780128479 seconds.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  6. #16
    Join Date
    Dec 2007
    Posts
    123
    Thanks
    17
    Thanked 1 Time in 1 Post

    Default

    Quote Originally Posted by Twey View Post
    O(36^n) if there are no capitals — that is, the time taken will be proportionate to the number of possible characters to the power of the length of the password. On a (my) modern PC, calculating the MD5 sums of 36 characters takes about 0.0000742776780128479 seconds.

    I didnt get you. Do you mean a modern PC can crack a alphanumeric password in about 0.0000742776780128479 seconds with brute force attack?

  7. #17
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    A single-character one, yes.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  8. #18
    Join Date
    Dec 2007
    Posts
    123
    Thanks
    17
    Thanked 1 Time in 1 Post

    Default

    so if I have a password of 5 characters (NIj7U)

    then it would take 5 x 0.0000742776780128479 seconds to crack a password with brute force attack???

  9. #19
    Join Date
    Mar 2009
    Posts
    65
    Thanks
    13
    Thanked 4 Times in 4 Posts

    Default

    Quote Originally Posted by cancer10 View Post
    so if I have a password of 5 characters (NIj7U)

    then it would take 5 x 0.0000742776780128479 seconds to crack a password with brute force attack???
    Which is why sometimes applications adds an additional fix prefix to a password to make it harder to break, but the world you add that prefix is not easy either. Choosing a wrong one or a simple one is as good as nothing adding any.

    And for the sake of Og, don't md5 a md5 - it's not really useful

  10. #20
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    The way that website works is people go to http://md5encryption.com/ (which is the encryption tab on the website linked in the first post), it then encrypts the the input to md5 and adds the info to a database. The decryption site then reads from that database and if is in there, displays the text for the inputted hash.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •