数秒钟之内破解MySQL的MD5函数
来源:互联网 发布:软件开发工程师年薪 编辑:程序博客网 时间:2024/05/14 16:36
Eager to try this out for myself, I did a quick Google and found a Project RainbowCrack which was a Windows/Linux utility that would brute force crack MD5 hashes amongst other secure algorithms. Thinking it would be shrouded in mathematical terms and phrases unfamiliar to me I didn't hold out much hope that I could get it to do what I wanted; to take a sample of passwords that were stored in MySQL database tables using the MD5() function and crack them for me.
The project builds a number of lookup tables to make the whole process a lot quicker. This in all fairness only took about 18hours to complete on my dual processor 3GHZ machine. After the tables where built it was a simple matter of running a simple command line utility to crack the MD5 hash. Time taken? 1.26seconds! That's how secure MySQL passwords encoded with MD5() are at this precise moment.
Some sample output from RainbowCrack
e:/rainbowcrack-1.2-win>rcrack *.rt -h 7694f4a66316e53c8cdd9d9954bd611dmd5_loweralpha#1-7_0_2100x8000000_all.rt:128000000 bytes read, disk access time: 6.23 sverifying the file...searching for 1 hash...plaintext of 7694f4a66316e53c8cdd9d9954bd611d is qlkjalkjcryptanalysis time: 1.52 sstatistics-------------------------------------------------------plaintext found: 1 of 1 (100.00%)total disk access time: 6.23 stotal cryptanalysis time: 1.52 stotal chain walk step: 403651total false alarm: 388total chain walk step due to false alarm: 579374result-------------------------------------------------------7694f4a66316e53c8cdd9d9954bd611d qlkjalkj hex:71
So really, the only reason to store passwords using MD5() would be to discourage the casual hacker, but it is by no means a secure method as some sites would have you believe. It is fair to note that the RainbowCrack documentation states that salted MD5 hashes can't be broken, but MySQL doesn't salt their implementation so it makes no difference here.
- 数秒钟之内破解MySQL的MD5函数
- 数秒钟之内破解MySQL的MD5函数
- 从hash函数到王小云的MD5破解
- 谈谈MD5的破解
- MD5的破解
- 理论计算机初步:从hash函数到王小云的MD5破解
- 三秒钟快速破解加密的PDF文件
- 三秒钟快速破解加密的PDF文件
- 1000之内的完数
- md5到md5破解的一些科普
- MD5和MD5破解的一些事
- 一些MD5 破解的网站
- 破解md5加密的crackme
- 破解md5的一个方法
- 一个md5破解的网站。。
- 破解md5加密的方法
- 【密码学】云的MD5破解
- 从Hash函数到MD5破解
- Internet 协议编号
- 标准库:标准库中的排序算法
- 标准库:标准库中的搜索算法
- 标准库:基于文件的容器
- 高效使用标准库 1
- 数秒钟之内破解MySQL的MD5函数
- 班级春游收支清单
- 影响一个人最重要的三句话
- reflect的一个使用的例子---------------自动赋值
- SQL Server 中系统表的作用
- 偶写的第一个控件,一个用选择代替输入的Edit控件
- 《魔兽世界》中国服务器强图收集(努力更新中)
- 复制文件夹所有内容 和 删除整个文件夹的2个函数
- 关于PHOTOSHOP