Most Popular

Top Stories Latest Featured

Play Crysis Wars for free

Firefox Mobile alpha coming "in a few weeks"

Dish to pay TiVo $104 million

AMD spins off its manufacturing business

Proposed EU directive could force iPhone, iPod redesign

RIM to launch BlackBerry Application Center

Sony to offer DRM-free music at 66 cents per track

T-Mobile sees greater than it expected demand for G1

More Top Stories

Downloads & Drivers

Downloads Drivers Essentials

AnyDVD & AnyDVD HD 6.4.7.1 beta

µTorrent 1.8.1 Build 12616 (utorrent)

Opera 9.60 Build 10447

Total Uninstall 4.9.5

Revo Uninstaller 1.75

AML Free Registry Cleaner 4.11

Evil Player 1.27

More Downloads

TS Community

Recent Discussions Community Archive

Getting Red Alert to work on XP-Home

Need a Good Program to Transfer Large Amount of File fr...

PC is slower than usual. Can't boot in to safe modes ei...

Disk Boot Failure, Instert System Disk and Press Enter

Advise and input please

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

IT

Google serves as MD5 password cracker

By Jose Vilches, TechSpot.com
Published: November 23, 2007, 10:11 AM EST

Cambridge University researcher Steven Murdoch successfully used Google to help crack a password used by an attacker who had hacked into his blog a few weeks ago and created a user account.

After he quickly disabled the account, Murdoch became curious to know what the hacker’s password might be. Since his website uses WordPress, which stores passwords as unsalted MD5 hashes in its user database, he wrote a script which hashed all words in both the English and Russian dictionary to find a match. He had no luck, however, so he turned to Google.

He took the MD5 password hash from the database and stuck it into Google, which revealed multiple sites featuring the word “Anthony”, the attacker's password. While this certainly is an interesting trick, Google’s usefulness as an MD5 cracker is fairly limited as it only finds hashes of things that people have hashed before, thus the importance of using hard to guess passwords.

Related Stories

2 comments
RSS

User Comments (2)

Post a comment
phantasm66
on November 23, 2007
1:01 PM
quote:
While this certainly is an interesting trick, Google’s usefulness as an MD5 cracker is fairly limited as it only finds hashes of things that people have hashed before, thus the importance of using hard to guess passwords.


But people DON'T use hard to guess passwords - they use crappy ones!

I think this is a great hack. I love it.

phantasm66
on November 26, 2007
3:20 AM		Hahahah it works!

Go to http://pajhome.org.uk/crypt/md5/

Grab an MD5 of a common name, like Paul, David, Mike, etc.

Put the result into Google and watch it find it!!

Browse more commented news