Security Basics mailing list archives
Re: MYsql 323 Hashes Cracking
From: Gage Bystrom <themadichib0d () gmail com>
Date: Thu, 22 Dec 2011 12:34:51 -0800
On Dec 22, 2011 10:55 AM, <synja@synfulvisions.(something I accidentally deleted and am too lazy to go figure it out, probably a com)
With the access that you already apparently have, you may want to look into alternate methods of credential "discovery."
This absolutely. I can't remember how often I've laughed at people when they couldn't crack a hash, but at the same time had write access to the php script that collected the logins in the first place.... And that's only one out of many methods. Chances are if you are in a position to worry about someone cracking your hashed there are bigger things to worry about, which is fairly equivocal for an attacker. Chances are if you're in a position to crack a hash, there are bigger things to target. But to answer the OPs question, unless you got a few terrabytes or more to spare, than no its not worth it. Chances are unlikely that anyone has rainbow tables in that range. And since calculating your own rainbow table just for this event would be idiotic, you're probably just better off tweaking your john options(patched to remove the 8 length restriction) or whatever your favorite cracking tool that can handle the algo. Also a Google check couldn't hurt, you may be lucky and someone else already cracked that hash.
------Original Message------ From: tarunkall () gmail com Sender: listbounce () securityfocus com To: security-basics () securityfocus com Subject: MYsql 323 Hashes Cracking Sent: Dec 22, 2011 13:34 Hi, While testing i got the mysql 323 root's and few users hashes, but i am not able to crack them till yet, passwords seems to complex,if the password is of length of around 12-16 having special character lower n upper alpha and numeri are their any possibilities of it being cracked by Rainbow tables if i purchase them, please suggest tht till what extent does rainbow tables could crack such passwords and will it be a worth full to purchase. please provide up with the Suggestions ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ Sent on the Sprint® Now Network from my BlackBerry®
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- MYsql 323 Hashes Cracking tarunkall (Dec 22)
- <Possible follow-ups>
- Re: MYsql 323 Hashes Cracking synja (Dec 22)
- Message not available
- Re: MYsql 323 Hashes Cracking Gage Bystrom (Dec 22)
- Message not available