Enter your password and then post what the encrypted hash value is for your password

http://www.johnmaguire.us/tools/hashcalc/

I'll go first:

24fc4250181f5b0d6e5f18bc503198be

[Edited on February 24, 2009 at 8:46 AM. Reason : god damnit, I apologize, move this shit to chit chat]

2/24/2009 8:45:39 AM

um yeah

no.

2/24/2009 8:56:23 AM

Come on. This could be funny as hell.

2/24/2009 8:58:07 AM

This has been done before. Many times.

2/24/2009 9:11:09 AM

As best I can tell from the search function, it certainly hasn't.

2/24/2009 9:15:33 AM

596a96cc7bf9108cd896f33c44aedc8a

2/24/2009 10:02:24 AM

24fc4250181f5b0d6e5f18bc503198be

2/24/2009 10:15:50 AM

3c56e5786fd131b9e19113e4a93cd073

2/24/2009 10:17:31 AM

hmmm

2/24/2009 10:20:46 AM

36801296e810c1b6bb3aa407b492cf09

2/24/2009 10:21:50 AM

my ex gf's sister wrote a thing that decrypted up to 3 letters of md5

I'm Big Business and i approved this message.

2/24/2009 10:23:18 AM

24fc4250181f5b0d6e5f18bc503198be

2/24/2009 10:23:42 AM

ALL YOUR PASSWORDS ARE BELONG TO US

2/24/2009 10:36:00 AM

Quote :

"This could be funny as hell."

no it couldnt

message_topic.aspx?topic=504186

...

2/24/2009 10:36:44 AM

Quote :

"ALL YOUR PASSWORDS ARE BELONG TO US"

lulz

thats why you just type gibberish in the input

2/24/2009 10:37:25 AM

24fc4250181f5b0d6e5f18bc503198be

2/24/2009 10:37:38 AM

Quote :

"my ex gf's sister wrote a thing that decrypted up to 3 letters of md5"

UP TO THREE LETTERS!

MY GOD IS THE NSA HIRING?

2/24/2009 10:41:01 AM

1. MD5 is can not be cryptanalysed by any feasible methods. so if she could, it would be significant.

2. 'three letters' of a hash value is meaningless. it doesnt make any goddamned sense to say you "decrypted three letters"

2/24/2009 10:44:20 AM

wait no nvm

I'm Big Business and i approved this message.

2/24/2009 10:45:38 AM

hmmmm

2/24/2009 10:48:37 AM

^^^He probably means that she made a table with the hash of every possible (up to) three character input and used that lookup to 'decrypt' them.

[Edited on February 24, 2009 at 10:50 AM. Reason : ]

2/24/2009 10:50:03 AM

no like if i typed "Forest"

she would give me back For

idk how and i know logically that doesn't make sense.

I'm Big Business and i approved this message.

2/24/2009 10:52:02 AM

I'm going to guess that she was able to decrypt an MD5 hash of a ciphertext that was exactly three letters in length.

that would be what is called a "known-length attack" and is, relatively, a trivial exercise in cryptanalysis.





[Edited on February 24, 2009 at 10:55 AM. Reason : ]

2/24/2009 10:53:03 AM

yeah you just encrypt everything starting with aaa or whatever the first text character is then make a table. i could do that

I'm Big Business and i approved this message.

2/24/2009 10:55:02 AM

Quote :

"596a96cc7bf9108cd896f33c44aedc8a"

2/24/2009 10:56:19 AM

Quote :

"no like if i typed "Forest" she would give me back For"

but you would not find the hash of For in the hash of Forest, so that doesnt make sense still

2/24/2009 10:57:26 AM

"i know that doesn't make any sense at all"

I'm Big Business and i approved this message

2/24/2009 10:57:56 AM

she was probably performing the hash only on the first three letters. and then knowing that it was a three letter code, could apply cryptanalysis to "break" it.

still, if she's already that deep into it, she should apply to the NSA.

2/24/2009 10:58:09 AM

http://tools.benramsey.com/md5/

2/24/2009 12:04:33 PM

I didn't know what md5 was so I looked it up. Then came across md6. Can someone explain to me why 28 cycles per bit is significant?

2/24/2009 12:12:24 PM

hash functions are an art form

2/24/2009 12:52:02 PM

what the hell

4597390591d0728e541c35f8f65ed903

2/24/2009 12:55:47 PM

isn't md5 not safe anymore? Thought it was proven broken a few months ago and all of the banks frantically switched to the next encryption.

2/24/2009 12:59:14 PM

http://en.wikipedia.org/wiki/MD5#Vulnerability

2/24/2009 1:01:49 PM

wait

aren't these the same as session cookie ids?

and aren't TWW's session cookies fucking static...

2/24/2009 1:05:23 PM

^ LOL

[Edited on February 24, 2009 at 1:08 PM. Reason : I don't believe MD5 is used for session cookies, session cookies are GUIDs if I recall correctly ]

2/24/2009 1:06:47 PM

24fc4250181f5b0d6e5f18bc503198be

2/24/2009 1:21:52 PM

MD5's can not be "cracked" easily. you'll still need a cluster of distributed processors performing a brute force attack, and a lot of time.

the vulnerability is that "collisions" can be forced, allowing you to find a string or file that has the same MD5 hash, replacing the original with the tampered version.

so i can't figure out your passwords passphrases. i could, if i were clever and motivated enough, force a collision to create another password that has the same MD5 sum and claim to the rest of the world that it was your password passphrase.


EDIT: simple passwords can be found on lookup tables. not the same as "cracking"





[Edited on February 24, 2009 at 6:55 PM. Reason : ]

2/24/2009 6:26:53 PM

7e9f7ea1ae06cc0eec581bb534de7b02

2/24/2009 6:35:25 PM

also theres a misconception going around here.... the "reverse hash calculator" only applies the hash value to databases containing pre-calculated lookup tables of known hash values and their cleartext.

so, it's easy to look up someone's "fuckyou" password, but a lot harder to look up someone else's "twista you a goddam f00L if u think U ca cR4Ck dis ha$H"

2/24/2009 6:44:30 PM

username: joe_schmoe
password: twista you a goddam f00L if u think U ca cR4Ck dis ha$H

2/24/2009 6:49:49 PM

whats your point?

no one uses MD5 to store passwords. for the very reason that any skriptkiddie can use internet lookup tables.

you might as well use an XOR or a Ceasar Cipher. or just hide the cleartext password file in your SYSTEM32 directory. or better yet, write the passwords on post-it notes and stick them to the server rack.

2/24/2009 6:52:21 PM

the point was never that MD5 was used to store passwords

it was to get people to post MD5s of their passwords with the hope that they would have some simple word as their password that WOULD show up on a database search, giving Chance access to yet another account

that was the purpose of the thread when he made it the first time...it has zero to do with how passwords are stored, and everything to do with whether or not somebody would actually post a known string that did turn out to be their password

i don't know what you're arguing

[Edited on February 24, 2009 at 6:55 PM. Reason : .]

2/24/2009 6:54:43 PM

00000000000000000000000000000000

? It can't possibly actually be 0 can it?

2/24/2009 6:59:43 PM

why couldnt it be?

2/24/2009 7:00:23 PM

Quote :

"what are you arguing"

im just arguing about the size of my dick.

you think chance is really trying to hack TWW passwords?

i guess i would have never thought anyone here would be stupid enough to stick their true password in there.

but.... now that you mention it.... i should never underestimate how stupid some people can be, or what a cocksucker Chance is.




[Edited on February 24, 2009 at 7:01 PM. Reason : ]

2/24/2009 7:00:32 PM

i'll bet wwwebsurfer's password used to be 'nebula'

2/24/2009 7:01:40 PM