cancel
Showing results for 
Search instead for 
Did you mean: 

An interesting security cracker

VileReynard
Seasoned Pro
Posts: 10,825
Thanks: 250
Fixes: 10
Registered: 01-09-2007

An interesting security cracker

A few excerpts from http://www.guardian.co.uk/technology/2007/dec/06/onlinepasswordssecurity
Quote
Google's password cracker
Last month, the security group at the University of Cambridge's Computer Lab had its group blog, Light Blue Touchpaper (lightbluetouchpaper.org), hacked via a previously unknown vulnerability in the popular blogging software Wordpress. While cleaning up, researcher Steven Murdoch discovered a new problem: Google makes a fine password cracker.
Basic security principles prohibit storing a list of valid usernames and passwords in clear text. Instead, they are stored in a encrypted ("hashed") form, so the list is unreadable to anyone who does gain access. To check a password, you encrypt it and compare the result against what is stored. Your password never resurfaces in the clear.
Wordpress encrypts passwords using a popular algorithm called MD5, a one-way function that had turned the hacker's password into "20f1aeb7819d7858684c898d1e98c1bb". Murdoch tried cracking it, then tried a Google search on the string. It spat back a few pages showing that the original word - the hacker's password - was "Anthony".

Quote
you can try your favourite password at pajhome.org.uk/crypt/md5/ and then search Google for the result.

I generally use the same password for sites where it doesn't matter if someone cracks it.
Following the above instructions, I used google (successfully) to find my password if I give it the one-way MD5 hash.

1 REPLY
Community Veteran
Posts: 5,880
Thanks: 1
Registered: 05-04-2007

Re: An interesting security cracker

Well, my main password nor my PN a/c one show up on google...