?

Log in

No account? Create an account
entries friends calendar profile Previous Previous Next Next
Ingenious~ - IBNeko's Journal-Nyo~!
ibneko
ibneko
Ingenious~
Instead of downloading a bigass rainbow table, now, maybe if this works, you can just google your MD5 hash.

http://www.nth-dimension.org.uk/utils/ghash.php
(they should add SHA-1! maybe? o.O And the other ways of encrypting passwords...)

Although it'd be more interesting if they actually created a wordlist with configuration 6*. And put that online. Looks like they're just doing a wordlist.

*see: http://www.antsight.com/zsl/rainbowcrack/ (rainbow tables - 64 GB XD)

They do note that it would take several years for just one computer to calculate that entire table... but for the Google Hash site, they calculate the number on the fly... so they would only have to generate (and store?) the original keys... not too bad?

(Hmmm.. I wonder if there's some way to trick Google into calculating the MD5 hases for us...)

[edit] No, there's another way to do this. Essentially, provide a list of characters - clicking on a character will add that to the current string that we hash. So it's kinda recursive...

I'll build an example this afternoon, when I finish lunch. This should be interesting. The only limit now, is how deep Google will crawl? And if Google crawls depth-first or breadth-first? And how much data would Google be willing to store from a simple site?

Hashes I want to do: maybe we'll start with MD5 first. Then SHA? And the windows password hashing method?

And a final question: Is this unethical? Because technically, the only real use for the last one would be to crack passwords... And I can't really think of any reason why you might need the other ones. Although I must say, I'm rather fond of the idea of creating information and making it searchable. I am a creature of information. Hear me roar? o.O Mew.

Tags:

1 happy kitten | Leave catnip
Comments
timbrown From: timbrown Date: June 25th, 2007 10:37 am (UTC) (Link)

Glad you like it

Hey, saw your post regarding Google Hash. You're right that it is dictionary based. The idea was spawned amongst colleagues when we were considering the idea of buying a Google applicance to index hashes. I argued that you'd still need to have enough storage to hold the original data, or that you'd need to create it dynamically. The PoC was merely to see if it was possible. We never did get that appliance :(. Your implementation looks quite cute, I wonder how long before Google takes the bait.
1 happy kitten | Leave catnip