 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
A lot of the md5 are uncrackables!!!! |
 |
 Posted: Tue Feb 28, 2006 3:34 pm |
 |
|
| thelma |
| Regular user |
 |
|
| Joined: Oct 18, 2005 |
| Posts: 16 |
|
|
|
 |
|
 |
|
Do you know the why?  |
|
|
|
|
|
Re: A lot of the md5 are uncrackables!!!! |
|
| Posted: Tue Feb 28, 2006 4:05 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| thelma wrote: | | Do you know the why? |
If
1)Password is long enough (12+ chars)
2) Has no meaning (not related to any wordlists)
then bruteforce, wordlist guessing and rainbow cracking are useless.
By the way, md5 hashing algorithm itself is vulnerable to collision
generation, but at this moment i don't know any publicly available
tools to implement this weakness in context of the phpbb password using scheme. |
|
|
|
|
| Posted: Tue Feb 28, 2006 4:52 pm |
|
|
| thelma |
| Regular user |
|
|
| Joined: Oct 18, 2005 |
| Posts: 16 |
|
|
|
|
|
|
|
| The problem is that all the hashes of a determinate forum(Invision Power Board v2.0.3) are impossible to crack, I have everywhere tried, on all the site possible online... while with my forum I have not have problem to crack the md5.. my succesfull to crack them is the 70% |
|
|
|
|
|
|
|
|
| Posted: Tue Feb 28, 2006 5:55 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| thelma wrote: | | The problem is that all the hashes of a determinate forum(Invision Power Board v2.0.3) are impossible to crack, I have everywhere tried, on all the site possible online... while with my forum I have not have problem to crack the md5.. my succesfull to crack them is the 70% |
Code snippet from IPB 2.0.3 source code:
| Code: |
$salt = $ibforums->converge->generate_password_salt(5);
$passhash = $ibforums->converge->generate_compiled_passhash($salt, md5($in_password) );
|
So the answer is - IPB 2.0.3 is using salted hashes. Salting will make cracking process more difficult and time consuming ... |
|
|
|
|
| Posted: Wed Mar 01, 2006 12:56 pm |
|
|
| thelma |
| Regular user |
|
|
| Joined: Oct 18, 2005 |
| Posts: 16 |
|
|
|
|
|
|
|
ok,I have lost any hope!!
thank you |
|
|
|
|
| Posted: Sun Apr 02, 2006 5:17 pm |
|
|
| Vixje |
| Active user |
 |
|
| Joined: Mar 25, 2006 |
| Posts: 35 |
|
|
|
|
|
|
|
| Hi waraxe. I still want to give it a go with a salted pw. I have a database of a 2.0.x forum, with the converged records inside. Could you give me a brief explanation, on how I could make a start on cracking such salts? Considering I do have the usernames, the hashes, and the salt-values. For example, is there a easy way (tool) where u can just insert the usercode+hash+salt and do a dictionary or bruteforce on it? Or do i first need to "unsalt" the hash to get the real md5 hash value? |
|
|
|
|
|
|
|
|
| Posted: Wed Apr 12, 2006 10:13 pm |
|
|
| Indiction |
| Regular user |
|
|
| Joined: Apr 12, 2006 |
| Posts: 11 |
|
|
|
|
|
|
|
Basically if there is a salt, you cannot remove it at the MD5 step.
First you will have to know what the salt is. If the salt is say md(x+5), then you must first reverse the hash through bruteforcing or whatever. Then subtract the salt (which will give you the original cleartext). Thanks to the fact that if md5(x+c) = md5(y+c) (collision), all you need to do is reverse the mathematical operation on the salt. Unless its something like, say, modulus, in which case good luck  .
But one thing you can't do is reverse the salt when all you have is the hash. You must first reverse the hash. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 47
Members: 0
Total: 47
