×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Online MD5 Hash Database

ScuttleMonkey posted more than 8 years ago | from the handy-tools-that-want-to-get-slashdotted dept.

Security 295

Gravix writes with a shameless plug for his new site "Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!" Shameless plug aside, the site still seems worth a closer look.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

295 comments

first post? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13369657)

fp!

poo (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13369658)

poo

Slashdot (1, Funny)

charon_1 (562573) | more than 8 years ago | (#13369659)

It doesnt have the hash for slashdot :( 4e9fd9f4624c02685096769364a81d95

Re:Slashdot (3, Funny)

keeleysam (792221) | more than 8 years ago | (#13369689)

RESULTS:
Hash Pass
4e9fd9f4624c02685096769364a81d95 slashdot

Yes, it does.

Re:Slashdot (1, Funny)

Anonymous Coward | more than 8 years ago | (#13369880)

Hands up everyone who could've told that from memory.

GNAA First post (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13369660)

GNAA

Re:GNAA First post (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13369954)

Up yours, stupid fuck. Can't you fagget niggers count to 3 anymore?

haha (-1, Flamebait)

linux_warp (187395) | more than 8 years ago | (#13369666)

"No more waiting weeks for your results!" - now if only microsoft could have used this when they were trying to get WinFS done in time for Vista.

Bada-Ching! Here all night.

Re:haha (-1)

Anonymous Coward | more than 8 years ago | (#13369672)

Not funny. Sorry.

OT but... (-1)

Anonymous Coward | more than 8 years ago | (#13369693)

I've seen this everywhere (on /.)... "Thank you, I'll be here all week. Try the veal."

It has to be a reference. To what?

Re:OT but... (0)

Anonymous Coward | more than 8 years ago | (#13369708)

Google is your friend!

"try the veal"

Re:OT but... (-1)

Anonymous Coward | more than 8 years ago | (#13369710)

Bad comedians, performing at a dinner venue? I'm sure one of the Leisure Suit Larry games had a particularly gruesome example...

quick (5, Funny)

Lehk228 (705449) | more than 8 years ago | (#13369667)

Quick! everybody go test your password security by sending it to a random web site

Re:quick (-1)

Anonymous Coward | more than 8 years ago | (#13369715)

my password is.. Gizmo

what's yours?

Re:quick (2, Interesting)

qaq (908831) | more than 8 years ago | (#13370098)

Y it's so unsecure because there is this public database of IPs availible so they won't have to try many hosts to find the one with your password.

oh, i get it! (5, Funny)

Anonymous Coward | more than 8 years ago | (#13369673)

6436a55a08760c5b94dbed4476f83fcd

Re:oh, i get it! (0)

Anonymous Coward | more than 8 years ago | (#13369711)

Uh, I don't get it.

What does

6436a55a08760c5b94dbed4476f83fcd

translate to?

Using the secret decoder did not work for me.

Re:oh, i get it! (-1)

Anonymous Coward | more than 8 years ago | (#13369727)

Using the secret decoder did not work for me.

?????

Re:oh, i get it! (0)

Anonymous Coward | more than 8 years ago | (#13369749)

ecb27bf66c32a67151e16bf55bcace25

md5summer.exe (0)

weighn (578357) | more than 8 years ago | (#13369846)

if anyone is interested, the md5 hash for the md5 summer (win32) is 6f122df5e2b86bc0bc8885cafe4b9eab

Re:md5summer.exe (0)

Anonymous Coward | more than 8 years ago | (#13369934)

if anyone is interested

No.

Re:oh, i get it! (2, Insightful)

isorox (205688) | more than 8 years ago | (#13369906)

8acb583ce572bbdd4d8cd3375fba65f9

Re:oh, i get it! (5, Funny)

Matilda the Hun (861460) | more than 8 years ago | (#13369965)

8acb583ce572bbdd4d8cd3375fba65f9
--
This post may be the personal opinion of me and noone else, but it's more likely to be random characters.


Someone mod his sig +5 Insightful.

Downloadable database form? (5, Interesting)

5n3ak3rp1mp (305814) | more than 8 years ago | (#13369688)

Does anyone know how to get a hold of a database such as this? As part of our IT auditing I'd like to be able to do a join of our md5-encoded user passwords (no salts or anything) with this to see whose password is insecure... yeah, that's it...

Re:Downloadable database form? (5, Informative)

Janitha (817744) | more than 8 years ago | (#13369781)

You can create it, actually if you asked that a few months ago I had 100GB worth of md5 0-8 alpha-ALPHA-num every combination for sale (which I later made free if you sent me DVD's) but I deleted since no one was much interested and it was much needed space for other stuff. I used rainbowcrack (http://www.antsight.com/zsl/rainbowcrack [antsight.com]) for some reason the linux client seems to work much faster than the windows one (although it made no sense to why)

Re:Downloadable database form? (4, Interesting)

rd4tech (711615) | more than 8 years ago | (#13370136)

Recently I did a project for crunching out MD5 hashed on windows and linux. Linux was faster by 1/3 and mainly because of less time was spend waiting for the system to finish the i/o part.

Re:Downloadable database form? (3, Insightful)

bobbozzo (622815) | more than 8 years ago | (#13369843)

One of the vendors at DefCon this year was selling them.

Try googling for Rainbow Tables.

Re:Downloadable database form? (0, Funny)

Anonymous Coward | more than 8 years ago | (#13369899)

Create a program to hash out a dictionary file. You can get dictionaries for many different languages. It probably wouldn't take too long to get 12 million hashes.

6436a55a08760c5b94dbed4476f83fcd is funny though. Wow.

Re:Downloadable database form? (4, Informative)

Janitha (817744) | more than 8 years ago | (#13369921)

With multiple programs working on seperate parts (assuming you broke your whole project into many tables) it can be done pretty fast. Specially if you have access to many computers. The rainbowcrack will automatically pick up and resume work if interupted in the middle, and skips over if the asked table is already created, so its perfect for the job of spanning across multiple machines.

Hmmm... (5, Insightful)

mg2 (823681) | more than 8 years ago | (#13369690)

Seems like using salted MD5 hashes would render this kind of stuff totally useless.

...You all use salted md5 hashing in your applications, don't you?

Re:Hmmm... (4, Funny)

FLAGGR (800770) | more than 8 years ago | (#13369736)

I prefer pepper.

Re:Hmmm... (4, Interesting)

bsdrawkcab (622946) | more than 8 years ago | (#13370046)

You jest, but I seem to recall "pepper" being used to describe a related scheme under which the salt is secret and has a relatively small domain (but large enough to make dictionary attacks much harder). The idea was that if you provide the right password, the computer can exhaust the possible pepper values until it gets a match, but the correct value never needs to be stored.

Sound familiar to anyone else? Anyone know if it's used in practice?

Re:Hmmm... (0)

Anonymous Coward | more than 8 years ago | (#13369751)

Umm. As someone new to cryptology...

What's "salted"?

Re:Hmmm... (1, Funny)

Anonymous Coward | more than 8 years ago | (#13369874)

Salt is a term used for ionic compounds composed of positively charged cations and negatively charged anions, so that the product is neutral and without a net charge. These ions can be inorganic (Cl-) as well as organic (CH3-COO-) and monoatomic (F-) as well as polyatomic ions (SO42-).

Re:Hmmm... (3, Informative)

Tobbe Starfield (908742) | more than 8 years ago | (#13370171)

If you just store the hashes of passwords they are vulnerable to dictionary attacks. If you also add some random data, "salt", to each password before hashing, you get a salted hash. Even if you store the "salt" and salted hash right next to each other, it gets much harder to attack. (Of course this may well have other applications than password storage.)

Re:Hmmm... (3, Informative)

jurt1235 (834677) | more than 8 years ago | (#13369936)

MD5 is a hashing method, and ofcourse you can look up the hashes again. It is just a quick and dirty way of encoding your passwords in php, or to check if a file is really that file which you were expecting. It is not for real password encryption use.

Anyway: MD5 hashes over a certain dataset are not unique. Two datasets can result in the same MD5 hash, assuming a fixed has length. This database could point those out too.

As last remark: This kind of database use has been done before by chess engines. By just storing most succesful board setups, the next moves could be executed more effectively and a lot faster.

You might expect that... (2, Interesting)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#13369968)

>You all use salted md5 hashing in your applications, don't you?

I was just reviewing some popular browser extensions that create site-specific passwords. Click a widget, enter a keysequence or something like that and they fill in a password that's an MD5 hash of the site name concatenated with a master password from the user.

No salt.

There are probably blackhats out there who have *memorized* the MD5 of "passwordpaypal.com".

Re:Hmmm... (2, Funny)

Anonymous Coward | more than 8 years ago | (#13370006)

OMG then we would just make a database of salted md5 hashes!! YOU CAN'T WIN VERSUS THE HAX0RS.

Salting *and iterating* (5, Interesting)

Paul Crowley (837) | more than 8 years ago | (#13370056)

Actually I have seen many applications that fail to salt passwords before hashing them; it's depressing. Salt should be long enough to be globally unique when randomly generated. Old-style Unix passwords used a 12-bit salt, which was pathetic; 128 bits would be plenty.

In addition, it's best to iterate the hash many times, which slows down dictionary attacks. See Kelsey, Schneier et al, "Secure Applications of Low-Entropy Keys":

http://www.schneier.com/paper-low-entropy.html [schneier.com]

The proofs in that paper are based on the assumption that the hash function is collision free, which of course MD5 isn't; another hash function might be preferable.

Hash Counter (4, Funny)

Lord Byron II (671689) | more than 8 years ago | (#13369697)

This is fun.. watching his hash counter go up. It was at 32 when I first saw it, which means that near all of the increase over the next few days can be attributed to the /. effect (assuming he doesn't get posted to some other major site).

Bug in counter (1)

SirPrize (590850) | more than 8 years ago | (#13369805)

I think there's some kind of bug in the counter, or the site is being ./'d, with over 65535 or 2^64-1 hits, as I initially saw the counter with a value of around 70, and now when I look at it, the counter had gone DOWN to 30 something, and was on the increase again.

Re:Bug in counter (1)

Randseed (132501) | more than 8 years ago | (#13369814)

Simple. The 31337 h4xx0r5 are all dumping their databases into it, trying to see if they can find any gold, as it were.

Doesn't seem very useful (5, Insightful)

VeryProfessional (805174) | more than 8 years ago | (#13369702)

Apart from the fact that this site is somewhat morally questionable, it doesn't seem to work very well. I inserted a number of hashes for common first names and dictionary words, and none of them returned a hit. If the database doesn't even cover common stuff such as this, what is it really good for? Really, 12 million hashes out of a space of 2^128 is truly miniscule.

Re:Doesn't seem very useful (5, Insightful)

kasperd (592156) | more than 8 years ago | (#13369729)

I inserted a number of hashes for common first names and dictionary words, and none of them returned a hit.

You wouldn't by any chance be using the md5sum command line utility and typing a newline after the word? I just tried my own name, which turned out to be in the database. Could you give just a few examples of the hash values you submitted, and the word you expected it to return?

Re:Doesn't seem very useful (4, Informative)

VeryProfessional (805174) | more than 8 years ago | (#13369745)

You wouldn't by any chance be using the md5sum command line utility and typing a newline after the word? I just tried my own name, which turned out to be in the database. Could you give just a few examples of the hash values you submitted, and the word you expected it to return?

Oops, right you are, that's exactly what I was doing... tried the same words with echo -n and they were in fact in the database.

/me wipes egg off face

Re:Doesn't seem very useful (0)

Anonymous Coward | more than 8 years ago | (#13369787)

... very professional!

Re:Doesn't seem very useful (2, Interesting)

blowdart (31458) | more than 8 years ago | (#13369821)

It certainly didn't get my passwords, but I was less amused by the popup attempts, for both onLoad and the getFocus event for the text box where you're supposed to type. Certainly felt slimey, no wonder the submitter was happy to try to get his own site slashdotted, the popups for casinos (well I had to see what they were!) no doubt bring in some pocket money.

It also seems very limited to dictionary words, there's no attempt at some useful things like IP addresses (I've seen a few BBSes who don't publish IPs, but instead publish hashes).

Re:Doesn't seem very useful (1)

DRobson (835318) | more than 8 years ago | (#13369985)

Really, 12 million hashes out of a space of 2^128 is truly miniscule.

Considering the average persons password, and the fact a large number of applications wouldnt use salts, I'd say you'd be able to crack a good 3/4 of the passwords out there. In fact, 12 million is a damn side larger than I'd expect is needed for password 'auditing'. Never underestimate the amount of craptacular passwords out there.

Re:Doesn't seem very useful (1)

H0ek (86256) | more than 8 years ago | (#13369998)

If you're using md5sum, it helps if you don't include the newline, like this:
echo -n phrack | md5sum
returns:

f6174179c90c0366b99d7a1d91cf6f4a

Which successfully performs the lookup for me.

So what? (5, Informative)

kasperd (592156) | more than 8 years ago | (#13369707)

Any system using plain md5 to hash passwords is broken anyway. Include a salt - and any database over hashes will become useless. Besides if people choose good passwords, they are most likely not in the database. That is already two reasons why people should be protected, do we need anymore?

For many other uses of cryptographic hashes the input is much more than a single word, and typically you don't really worry about keeping the input a secret anyway.

wow (1, Insightful)

Anonymous Coward | more than 8 years ago | (#13369740)

They must be smoking some dope ass crack if they think they have lots of common permutations of dictionary words covered. Try fcaf8cb5751b2995c95f6c8021584eff (h3ll0) or 50c20343d45744b1aa36ace8c04c700a (th3r3). Is there anything simpler in terms of commons words with obvious numeric substitutions that it actually gets?

Re:wow (3, Informative)

FLAGGR (800770) | more than 8 years ago | (#13369782)

thats why the made a form for you to add words. Crazy ain't it. Although they should've made some automatic leetspeak adding script.

Re:wow (0)

Anonymous Coward | more than 8 years ago | (#13369925)

<summary-quote>The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization.</summary-quote>

No, it's not crazy, but the summary indicated that they already had a massive database of hashes->probable_word pairs, and it emphasized that common numeric substitutions on dictionary words could be checked quickly.

Can you really not see how somebody would be surprised that even the simplest imaginable substitutions (leet-speak for 'hello') are not there?

People who can't read or think on slashdot, but always have a dumb, passive-aggressive smart ass response. Crazy, ain't it? Sadly, it isn't really crazy or unexpected.

Re:wow (0)

Anonymous Coward | more than 8 years ago | (#13370144)

Same with 772aac231903404032dedb9c5dcf778e (w1nt3r) which I know I've seen caught by commercial products in the past.

Linux (1)

sanmarcos (811477) | more than 8 years ago | (#13369761)

My question is, does Linux, more specifically Debian, use MD5 for its passwords? Or what kind of "system" does it use to store and compare hashed passwords?

Re:Linux (2, Informative)

arodland (127775) | more than 8 years ago | (#13369773)

Linux distros these days use MD5 by default -- but they use it in a way that's not so horribly stupid as to be broken by this attack.

Re:Linux (4, Interesting)

isorox (205688) | more than 8 years ago | (#13369910)

Linux distros these days use MD5 by default -- but they use it in a way that's not so horribly stupid as to be broken by this attack.

In an "intro to linux" course I had to take a while back as part of a general engineer course, I noticed that one of the test machines wasn't using /etc/shadow. A few lines of perl, /usr/share/dict and 30 seconds later and I had the root password, the same password as other more important machines. Naturally I mentioned this to the tutors (aftre some subtle brainfucking)

Re:Linux (4, Interesting)

khrtt (701691) | more than 8 years ago | (#13369943)

A friend of mine got his account terminated for a manoeuver like this -- he ran crack over an unshadowed /etc/passwd on one of the machines at his school and sent the output to the sysadmin:-)

More often then not people are dumb and easily scared. Every time you do something they don't expect you to do, they might treat you as a criminal, no matter what your intentions. If I'd come across someone else's root password, I'd think twice before telling them. That is, unless I wasn't their boss, or hired by their boss to do this.

BTW, I bet the root password you got was "god", "the plague", or something from the same wavelength:-).

Re:Linux (1)

frinkacheese (790787) | more than 8 years ago | (#13370159)

Yeah well, I did that too but I sent the output anonymously to the whole school (whose email addresses were conveniently listed in the GECOS).

We also had a problem on a RADIUS server recently and we had to dump passwords to a file to fix it. A quick sort -u and guess what the most popular password was? Go on guess..

Ok I'll tell you, it was "password"
....

Re:Linux (4, Informative)

spitefulcrow (713858) | more than 8 years ago | (#13369825)

Any modern Linux distribution worth its salt (pardon the pun) uses at least an MD5-based salted password storage system. Wikipedia will tell you more about salting. [wikipedia.org] What it boils down to is that using enough bits of salt can make it infeasible for Joe Hacker to store a database of passwords, salts, and their hashed values that would encompass all combinations and allow dictionary attacks against MD5-protected passwords. If your Linux system doesn't use a salted hash to store passwords in /etc/shadow, you may have an issue if untrusted users have access to your system. Then again, if untrusted users have enough access to read /etc/shadow, you have a bigger problem than someone cracking your normal user passwords.

MD5 is nice but... (5, Informative)

nmb3000 (741169) | more than 8 years ago | (#13369789)

What would be really nice is to see this grow past a simple MD5 database. If you're going to get traffic, you really should get an NTLM database up and start populating it as soon as possible.

A few other places have these, in differing amounts. Rainbowcrack [rainbowcrack.com] has tons of them, but require you to submit some before being allowed to query the system. I did submit a few NTLM hash tables, but it took the better part of a week to get my query back (it's supposed to be a lot faster than that).

There's also Ophcrack [lasecwww.epfl.ch] which uses tables similar to rainbow tables. It has a web interface to query NTLM hashes for simple passwords.

With these pre-computed hash tables, basic password security is starting to take a hit and it's becoming more and more worthwhile to use a simple but long password rather than a short and complex one. If you're on Windows, it's also VERY worthwhile to read about forcing Windows to store only the NTLM hash and drop the LM hash [microsoft.com]. It breaks old compatibility with Win 9x but is very worth it if you don't need that. This helps against precomputed attackes but has an even bigger impact agains brute-force attacks.

Re:MD5 is nice but... (3, Insightful)

aicrules (819392) | more than 8 years ago | (#13369817)

GREAT! So now all freaking IT security departments are going to up the minimum password length to like 64 in ADDITION to having to change it every other day, not being able to use the last 1000 passwords you've ever used, and requiring alternating caps, numbers, and punctuation.

Sure, I'm exaggerating a little, but the amount of time I have to spend on password maintenance is nearly making a line item on my time sheet.

Re:MD5 is nice but... (1)

Ossifer (703813) | more than 8 years ago | (#13370126)

When I run into this I usually the the IT head about how great his security standards are--so great that I need to write down each password on a post-it note... Now that's security!

For those that don't know (5, Informative)

Sycraft-fu (314770) | more than 8 years ago | (#13369861)

To call LM weak would be an understatement. LM takes passwords up to 14 charackets in length, fine you think until you realise that the way tey did it is to hash 2 7-character strings. This means for any password, you have to crack a max of 7 characters. Oh, and did I meantion it's case insensitive?

There are existing ranbowtables covering basically the entire LM space but, really, you don't need it. A fast dual core chip will crack it in less than a day.

The parent is correct in that in all cases you can you should set Windows to only use NTLM, or better yet NTLMv2. We are (finally) getting to do that at work as we purged the last NT and 98 systems from the domain.

Re:MD5 is nice but... (2, Interesting)

Nailer (69468) | more than 8 years ago | (#13369980)

it's also VERY worthwhile to read about forcing Windows to store only the NTLM hash and drop the LM hash.

I thought NTLMv2 was MD4, which is still broken according to its inventors?

Windows shouldn't send either NTLM or NTLMv2 (1)

Nailer (69468) | more than 8 years ago | (#13369997)

http://www.google.com/url?sa=t&ct=res&cd=2&url=htt p%3A//www.blackhat.com/presentations/bh-asia-04/bh -jp-04-pdfs/bh-jp-04-seki.pdf&ei=iXUJQ4yLOK2UsAGU9 PzUDQ [google.com]

Yeah, NTLMv2 is MD4, which is broken, doesn't allow salting, and doesn't even need to be cracked anymore, just looked up in a Rainbow table.

My question for Windows admins: can I use kerberos for everything in Windows, so it never sends a hash, never ever, ever, across the network? Just TGTs and service tickets encrypted with that hash?

That's network logins, access to shares, and any other time a password may travel across the network.

Pointless. (2, Insightful)

Randseed (132501) | more than 8 years ago | (#13369827)

I generated a PHP script that does password managing a couple of weeks ago, and even I used a SALT in the process. I suppose that this is useful if you come across a site so horribly broken as to not use a SALT, or if you know the SALT ahead of time somehow. (Not hard to do the latter, really.)

All in all, this is another ho-hum kind of story.

Re:Pointless. (3, Funny)

gardyloo (512791) | more than 8 years ago | (#13369918)

I suppose that this is useful if you come across a site so horribly broken as to not use a SALT [...]

    In that case, you might try battery...

Whew! (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#13369831)

We finally know what f3789b3c1be47758203f9e8a4d8c6a2a means!

What's With The...Bragging (0)

Anonymous Coward | more than 8 years ago | (#13369842)

Page generated in 0.000568 seconds.

The dude knew the slashdot crowd was heading his way so he put in a timer just to look impressive... sigh.

Advantages (5, Funny)

Elitist_Phoenix (808424) | more than 8 years ago | (#13369844)

What advantages does this database have over say a Cray supercomputer, which I could also afford.

Take it from me... (3, Funny)

Saeed al-Sahaf (665390) | more than 8 years ago | (#13369870)

What advantages does this database have over say a Cray supercomputer, which I could also afford.

Does not take up as much room, and someone else is responsible for the maintenance. It's too late for me, but you might benefit from my shortsightedness.

Crypto experts... SHA1? (1)

mnemonic_ (164550) | more than 8 years ago | (#13369850)

Would these (or similar) attacks work against sha1 hashes?

Re:Crypto experts... SHA1? (3, Informative)

Anonymous Coward | more than 8 years ago | (#13369878)

It is not an attack, it is just a dictionary.
It works for any hash function.

MOD PARENT INFORMATIVE (0)

Anonymous Coward | more than 8 years ago | (#13369893)

This is not about a weak hash, the dictionary is only a threat to wrong use of the hash.

Re:Crypto experts... SHA1? (3, Informative)

chialea (8009) | more than 8 years ago | (#13369889)

They're just precomputing hashes, from what I can see. There's nothing that stops you from doing it for a very large number of inputs and storing the results. If you want to get a collision using that precomputation, however, it'll be a lot harder on SHA-1 than on MD-5, even given the new attacks on it. (If you're curious about the attacks, look at this years' CRYPTO papers. Professor Wong and her team have come out with some great stuff.) Preimage attacks will probably still be difficult on SHA-1, as the new results don't signifigantly impact the property of preimage-resistance (from what I saw of the attacks in the talks).

The upshot is: (1) yes, you can do this, it's just brute-force; (2) it's not as easy with MD-5.

Lea

Re:Crypto experts... SHA1? (1)

cbrocious (764766) | more than 8 years ago | (#13369894)

So long as the hashes aren't salted, which they most likely aren't in many cases, although they should be.

Kickbacks (-1)

Anonymous Coward | more than 8 years ago | (#13369879)

Do you think the Slashdot editors are getting some kickbacks from this adwhore's ads?
It must've taken some real technical genius to accrue a database of 12 million hashes, multiple languages and all!

Slashdot is dead, it's over, move along. Only dupes, ads and morons here.

Wow (0, Offtopic)

elronxenu (117773) | more than 8 years ago | (#13369909)

9e925e9341b490bfd3b4c4ca3b0c1ef2; a2a551a6458a8de22446cc76d639a9e9; 0cc175b9c0f1b6a831c399e269772661; acaa16770db76c1ffb9cee51c3cabfcf; 1cba77c39b4d0a81024a7aada3655a28.

This page is a76637b62ea99acda12f5859313f539a (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13369923)

This page is very a76637b62ea99acda12f5859313f539a. I thought it was going to be 8c32b1f76c746d784f0c1fd005e2a220 but I was 2bda2998d9b0ee197da142a0447f6725

71d3e8b42792b5e476804f4f7fbddc58

Sign me,
294de3557d9d00b3d2d8a1e6aab028cf; 9b2eb5bf255726fd3e3c0561e10c258f

Compression Algorithm (2, Funny)

PingPongBoy (303994) | more than 8 years ago | (#13369928)

With this database suddenly all files are compressible to 32 bytes. A 1440 Kb floppy disk can store 46080 MD5 hashes. If each hash represents a file that is on average 10 Mb, the floppy disk can store 461 Gb on average.

This is quite useful for archival purposes.

The whole idea of information versus random noise is really apparent when you compare which MD5 hashes have personal significance to the set of all possible hashes.

Re:Compression Algorithm (3, Informative)

Anonymous Coward | more than 8 years ago | (#13369962)

MD5 hashes aren't unique. There are around 2^105 (around 10^32, or 10 decillion) 10 MB files with the hash '498b4ddc9f957eca6473923163dd117f', for example. There's also a five-letter word that coincidentally hashes to that value AND describes you, but you can find it yourself.

Re:Compression Algorithm (1)

chatgris (735079) | more than 8 years ago | (#13370038)

"A 1440 Kb floppy disk can store 46080 MD5 hashes"

Unless you did raw device io, FAT12 (which is the standard floppy format) has overhead associated with its fat table... You won't fit that many :)

Re:Compression Algorithm (0)

Anonymous Coward | more than 8 years ago | (#13370182)

"With this database suddenly all files are compressible to 32 bytes"

*sigh*

There were idiotic messages like this all the the time to comp.compression, and they were always swatted down. But here, in the "News for Nerds", this gets modded to +5 Interesting!

An easy test: Why a lossless compression algorithem that compresses all possible files doesn't exist? (Hint: count all possible files expressed by a certain number of bits)

Trojan alert (5, Informative)

Anonymous Coward | more than 8 years ago | (#13370057)

Visiting this site (md5 one) resulted in pop-ups which were loaded with the StartPage Trojan which fortunately F-Secure spotted.

e1568c571e684e0fb1724da85d215dc0 (2, Interesting)

ShakiirNvar (904354) | more than 8 years ago | (#13370156)

but as previously pointed out, with a few minor additions (as to which it depends on whether you prefer salt or pepper :p) to the procedure, this database becomes a minor security concern.

Security to obscurity (1)

drange_net (859642) | more than 8 years ago | (#13370165)

This seems to a good reason to do some obscure MD5-security hacks like nested MD5 hashing or reversing string before hashing it...
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...