Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
An interesting security cracker
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- An interesting security cracker
An interesting security cracker
06-12-2007 1:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
A few excerpts from http://www.guardian.co.uk/technology/2007/dec/06/onlinepasswordssecurity
I generally use the same password for sites where it doesn't matter if someone cracks it.
Following the above instructions, I used google (successfully) to find my password if I give it the one-way MD5 hash.
Quote Google's password cracker
Last month, the security group at the University of Cambridge's Computer Lab had its group blog, Light Blue Touchpaper (lightbluetouchpaper.org), hacked via a previously unknown vulnerability in the popular blogging software Wordpress. While cleaning up, researcher Steven Murdoch discovered a new problem: Google makes a fine password cracker.
Basic security principles prohibit storing a list of valid usernames and passwords in clear text. Instead, they are stored in a encrypted ("hashed") form, so the list is unreadable to anyone who does gain access. To check a password, you encrypt it and compare the result against what is stored. Your password never resurfaces in the clear.
Wordpress encrypts passwords using a popular algorithm called MD5, a one-way function that had turned the hacker's password into "20f1aeb7819d7858684c898d1e98c1bb". Murdoch tried cracking it, then tried a Google search on the string. It spat back a few pages showing that the original word - the hacker's password - was "Anthony".
Quote you can try your favourite password at pajhome.org.uk/crypt/md5/ and then search Google for the result.
I generally use the same password for sites where it doesn't matter if someone cracks it.
Following the above instructions, I used google (successfully) to find my password if I give it the one-way MD5 hash.
"In The Beginning Was The Word, And The Word Was Aardvark."
1 REPLY 1
Re: An interesting security cracker
06-12-2007 1:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Well, my main password nor my PN a/c one show up on google...
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- An interesting security cracker