also @ TechSpot: Windows 7 overtakes Vista among enthusiasts, plus other interesting trends

Most Popular

Top Stories Commented  Featured 

ATI Radeon HD 5570 Review  featured

Windows 7 overtakes Vista among enthusiasts, plus other interesting trends

IBM launches next generation Power 7 CPU, servers

AMD's six-core Thuban to have feature like Turbo Boost?

Google to launch Twitter-like service for Gmail

Intel unveils Itanium 9300 series enterprise processors

Netflix to roll out 1080p streaming later this year

China closes major hacker ring, arrests three members

More Top Stories

Downloads & Drivers

Downloads   Drivers  

Super Utilities Professional 9.8.8

Blaze Media Pro 9.10

F-Secure Internet Security 2010 10.12

IncrediMail 6.0.4 Build 4480

Cobian Backup 10.0.0.244 Beta

More Downloads

TS Community

Recent Discussion   User Gallery  

Will Radeon 5870 run with a 580W PSU?

Graphics upgrade, only have PCI slot

New motherboard won't Windows setup copy files

New Build POST Problem

Help with my laptop not booting to windows

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

Industry News

Google serves as MD5 password cracker

By Jose Vilches, TechSpot.com
Published: November 23, 2007, 10:11 AM EST
Cambridge University researcher Steven Murdoch successfully used Google to help crack a password used by an attacker who had hacked into his blog a few weeks ago and created a user account.

After he quickly disabled the account, Murdoch became curious to know what the hacker’s password might be. Since his website uses WordPress, which stores passwords as unsalted MD5 hashes in its user database, he wrote a script which hashed all words in both the English and Russian dictionary to find a match. He had no luck, however, so he turned to Google.

He took the MD5 password hash from the database and stuck it into Google, which revealed multiple sites featuring the word “Anthony”, the attacker's password. While this certainly is an interesting trick, Google’s usefulness as an MD5 cracker is fairly limited as it only finds hashes of things that people have hashed before, thus the importance of using hard to guess passwords.

Related Stories

2 comments
RSS

User Comments (2)

Post a comment
phantasm66
on November 23, 2007
1:01 PM
While this certainly is an interesting trick, Google’s usefulness as an MD5 cracker is fairly limited as it only finds hashes of things that people have hashed before, thus the importance of using hard to guess passwords.
But people DON'T use hard to guess passwords - they use crappy ones!

I think this is a great hack. I love it.

phantasm66
on November 26, 2007
3:20 AM		Hahahah it works!

Go to http://pajhome.org.uk/crypt/md5/

Grab an MD5 of a common name, like Paul, David, Mike, etc.

Put the result into Google and watch it find it!!

Browse more commented news