Full Disclosure mailing list archives

Re: anybody know good service for cracking md5?

From: netinfinity <netinfinity.securitylab () gmail com>
Date: Thu, 4 Feb 2010 13:47:42 +0100

Pyrit uses CUDA.

On Thu, Feb 4, 2010 at 1:11 PM, Sergio Pelissari <
sergio.pelissari () proteus-security com> wrote:

You can try gpu brute-force, where the c/s is bigger than a normal
quad-core processor.

But you can't use wordlist because isnt make sense compared with c/s you
try to break a hashe using something like incremental way on JTR.

Actually BT4 comes with a md5_gpu_crack you need a VGA support with CUDA
or the ATI technology ( i don't remember the name right now )

On Thu, 2010-02-04 at 12:59 +0100, Christian Sciberras wrote:

Uh, in the sense that they are finally becoming actually useful...





On Thu, Feb 4, 2010 at 12:58 PM, Anders Klixbull <akl () experian dk>
wrote:
        seems to be cropping in?
        as far as know rainbow tables has been around for years...





        ______________________________________________________________
        From: full-disclosure-bounces () lists grok org uk
        [mailto:full-disclosure-bounces () lists grok org uk] On Behalf
        Of Christian Sciberras
        Sent: 3. februar 2010 23:02
        To: Valdis.Kletnieks () vt edu
        Cc: full-disclosure () lists grok org uk
        Subject: Re: [Full-disclosure] anybody know good service for
        cracking md5?




        Actually dictionary attacks seem to work quite well,
        especially for common users which typically use dictionary
        and/or well known passwords (such as the infamous "password").
        Another idea which seems to be cropping in, is the use of hash
        tables with a list of known passwords rather then dictionary
        approach.
        Personally, the hash table one is quite successful, consider
        that it targets password groups rather than a load of wild
        guesses.

        Cheers.




        On Wed, Feb 3, 2010 at 10:26 PM, <Valdis.Kletnieks () vt edu>
        wrote:
                On Wed, 03 Feb 2010 23:42:07 +0300, Alex said:

                > i find some sites which says that they can brute md5
                hashes and WPA dumps
                > for 1 or 2 days.


                Given enough hardware and a specified md5 hash, one
                could at least
                hypothetically find an input text that generated that
                hash.  However, that
                may or may not be as useful as one thinks, as you
                wouldn't have control over
                what the text actually *was*.  It would suck if you
                were trying to crack
                a password, and got the one that was only 14 binary
                bytes long rather than
                the one that was 45 printable characters long. ;)

                Having said that, it would take one heck of a botnet
                to brute-force an MD5 has
                in 1 or 2 days. Given 1 billion keys/second, a true
                brute force of MD5 would
                take on the order of 10**22 years.  If all 140 million
                zombied computers on the
                internet were trying 1 billion keys per second, that
                drops it down to 10**16
                years or so - or about 10,000 times the universe has
                been around already.

                I suspect they're actually doing a dictionary attack,
                which has a good chance
                of succeeding in a day or two.


                _______________________________________________
                Full-Disclosure - We believe in it.
                Charter:
                http://lists.grok.org.uk/full-disclosure-charter.html
                Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
http://netinfinity-sec.blogspot.com

http://www.ubuntu-pe.tk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: anybody know good service for cracking md5?, (continued)
- Re: anybody know good service for cracking md5? Valdis . Kletnieks (Feb 03)
  - Re: anybody know good service for cracking md5? Christian Sciberras (Feb 03)
    - Re: anybody know good service for cracking md5? Anders Klixbull (Feb 04)
    - Re: anybody know good service for cracking md5? Christian Sciberras (Feb 04)
    - Re: anybody know good service for cracking md5? Anders Klixbull (Feb 04)
    - Re: anybody know good service for cracking md5? Christian Sciberras (Feb 04)
    - Re: anybody know good service for cracking md5? McGhee, Eddie (Feb 04)
    - Re: anybody know good service for cracking md5? T Biehn (Feb 04)
    - Re: anybody know good service for cracking md5? Christian Sciberras (Feb 04)
    - Re: anybody know good service for cracking md5? Sergio Pelissari (Feb 04)
    - Re: anybody know good service for cracking md5? netinfinity (Feb 04)
    - Re: anybody know good service for cracking md5? Valdis . Kletnieks (Feb 04)