MD5 Encryption

[llbbl]

Does anyone know how fast you can break this type of encryption? How complicated is it??

MD5 Cracking Tools

http://ikecrack.sourceforge.net/

Quote:

Initial tesing with Perl based IKECrack shows numbers of 18,000 tests per second with a PIII 700, and can bruteforce 3 chars of ucase/lcase/0-9 in 13 seconds.

MDCrack [a MD5 bruteforce tool] can achieve 1.5 million keys per second with pure MD5 and a PIII 700. PSK bruteforcing consists of 4 MD5's, and 4 64 byte XORs....but should still be able to achieve 375,000 IKE keys per second. Preliminary tests in C have shown 26,000 keys per second with un-optimized routines. I'm hoping that Simeon Pilgrim's MD5 routines will speed this up a bit more.

http://passcracking.com/

Quote:

MD5 Online Cracking
using Rainbow Tables

Table benchmark tests:

10 hashes on P4, 2GhZ, 512 RAM - all hashes are found ~73 minutes (1,2 hours) [results]

10 hashes on P4, 2GhZ, 512 RAM - no hashes are found ~446 minutes (7,4 hours) [results]

http://www.antsight.com/zsl/rainbowcrack/

Quote:

[12/30/2004] We demonstrate the ultimate windows password cracker. With 64GB of rainbow tables, any windows password up to 14 characters can be cracked in a few minutes. Go to Rainbow Table section for more information about this table set (lm configuration #6).

Those guys at passcracking.com will crack your MD5 hash for you in a couple of hours.

Here is a link to AES encryption if you want to learn how to implement it.

http://www.abisoft.net/documents/AESbyExample.htm

Quote:

The following document provides a detailed and easy to understand explanation of the implementation of the AES (RIJNDAEL) encryption algorithm. The purpose of this paper is to give developers with little or no knowledge of cryptography the ability to implement AES.

[llbbl]

This means that the administrator of any online site that stores their passwords in MD5 can crack their users passwords in a couple of hours.

[llbbl]

I want to know if there are any alternatives to MD5.

[spankers]

Here's a discussion of the md5/password issue...
http://lists.debian.org/debian-secur.../msg00176.html

There is a PAM module supporting Blowfish. Here's the Debian package:
http://packages.debian.org/testing/admin/libpam-unix2

Redhat should also have a libpam-unix2 package.

[llbbl]

http://eprint.iacr.org/2004/199.pdf
http://www.freedom-to-tinker.com/archives/000664.html
http://www.unixwiz.net/techtips/igui...to-hashes.html
http://www.mail-archive.com/cryptogr.../msg02554.html
http://www.freedom-to-tinker.com/archives/000661.html

Here is an award to people able to find collisions in MD5
http://www.certainkey.com/md5challenge/

http://www.freedom-to-tinker.com/archives/000663.html

[znaps]

Interesting stuff guys...I didn't realise it was so easily bruteforced.

[ECA]

Brute force cracking...
MEAN stuff.

There are a few ways to REALLy slow it down, or even fuddle it up.
1. is a 3 password system, this can slow it down, as it has to rememebr the first 2 passwords, on each try.. But this only slows it down, so that someone has a chance to catch it.
2. a random generator. Each time the password it entered, it changes...OR useing a KEY, such as TIME, DAY, YEAR, the password changes.
Useing TIME, you give a password 5 minutes before it changes to a NEW password.
You might have 1-5 passwords working in a 5 minute period. And then they ALl change.
If you aint got the key to generate a password, ODDs say, you AINT getting in.

[spankers]

Quote:

Originally Posted by TecknoGeek

Those guys at passcracking.com will crack your MD5 hash for you in a couple of hours.

This only applies to "unsalted" md5 hashes... per passcracking.com:

Quote:

NOTE: This project won't be able to break salted md5 hashes which are used in *nix systems in /etc/shadow files. They won't appear in the list. Only "clean" md5 hashes. Read more about technology behind this project in homepage of RainbowCrack!

[llbbl]

What does salted mean?

[ECA]

copyprotected..