Transmission Line Noise

Revers­ing <span class="caps">MD5</span>

Mon, Jan 11, 2010

Here is an inter­est­ing one from the not very lead­ing edge. When you add a pass­word to a site it is often encrypted with and MD5 hash this mean that a word like ‘leonie’ is con­verted into a string that looks like this ‘af58e0965b64b67028e1f40c69317bf1’.

Now he nice thing about this con­ver­sion is that it is only one way. i.e. from the hash ‘af58e0965b64b67028e1f40c69317bf1’ you can­not reverse the algo­rithm that cre­ated it

and get back to ‘leonie’. How­ever some help­ful peo­ple on the web have pub­lished the MD5’s of almost every word there is and put them on web sites, so by google­ing for ‘af58e0965b64b67028e1f40c69317bf1’ you get ‘leonie’ and are able to crack the the secu­rity that this should give you.

There is no way round this, although i fully expect an Amer­i­can Sen­a­tor or the EU to attempt to leg­is­late against it, other than to make sure the string you use is unlikely to hap­pen in real life and there­fore less vul­ner­a­ble to this type of dic­tio­nary attack.

So instead of ‘leonie’ ‘l30n13’ wher 3 = e and 1 — i and 0 = o helps to remem­ber the pass­word but make the attack less easy and even bet­ter would be ‘L30n13@’

Don’t say i didn’t tell you!