Security Basics mailing list archives
RE: Password cracking
From: Greg Merideth <gmerideth () uclnj com>
Date: Mon, 11 Jun 2012 15:48:11 +0000
We have a simple hasher we use for hashing non-salted guids that looks like this in c#: static void Main(string[] args) { Console.WriteLine("Hashing : {0}", args[0]); Console.WriteLine("Hashed : {0}", FormsAuthentication.HashPasswordForStoringInConfigFile(args[0], "SHA1")); } If you take the list of leaked hashes, and hash the password "footba!!" (93214AAA02F99EC127A698836B33337EF7C8BB2C), then search the text file for that hash, you will find it. Someone used the password "footba!!" in linkedin. It's simple to start off with "a", hash that, and then move to "b" and continue all the way down to "abc[ect]" building a huge table of pre-hashed passwords. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Yuri Nahum Sent: Sunday, June 10, 2012 9:29 AM To: security-basics () securityfocus com Subject: Password cracking Hey Guys, Are there some openly available lists of hashed passwords to play around with? I know, surely Google knows some of those, but it seems I'm to stupid to find them. My second question concerns Rainbow tables. It's quite simple, but I cannot grasp this reduction function which maps a hashvalue to a possible password. Are there some agreed-upon standards? What does this function look like, say, if I wanted to implement it. Best regards Yuri ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Password cracking Yuri Nahum (Jun 11)
- Re: Password cracking Alonso Caballero Quezada / ReYDeS (Jun 11)
- RE: Password cracking Greg Merideth (Jun 11)
- Re: Password cracking Jerome Athias (Jun 11)
- Re: Password cracking Peter Thomas (Jun 13)
- Re: Password cracking Jerome Athias (Jun 11)
- <Possible follow-ups>
- Re: Password cracking u-turn1 (Jun 12)
- Re: Password cracking Jeffrey Walton (Jun 12)