1. Originally Posted by IMI
In other words, we do still have to fear the above average 19 year old outcast, can't-get-a-date-to-save-his-life, college computer geek with advanced hacking tools?
Yup: http://3.14.by/en/md5

Cheers,
Mike

2. wow, i started a thread that made it to three pages! that's a first haha

3. Originally Posted by Lightwolf
Yup: http://3.14.by/en/md5

Cheers,
Mike
Hmm, interesting. It is using GPU, am I reading it right?

4. Originally Posted by art
Hmm, interesting. It is using GPU, am I reading it right?
Yeah that's right. Probably the same deal as the [email protected] project which uses your GPU during down time.

5. Originally Posted by art
Hmm, interesting. It is using GPU, am I reading it right?
Yup, including SLI/multi-GPU set-ups - and as many CPU cores as the system provides. Mind you, computing md5 hashes is very trivial to run in parallel.

Basically all it does is compute the md5 hash for a sequence of characters and see if it matches the md5 you entered as the target (passwords are usually stored as md5 hashes - which is like an advanced kind of checksum really). Then it tries a different sequence of characters.

Cheers,
Mike

6. I think I need to increase the length of my passwords by a few characters

7. Originally Posted by IMI
How many possible combinations are there in 8 characters, given 26 letter in the English alphabet and 10 digits, plus cases and special characters?
I already answered that question. It's easy enough to calculate. With extended ASCII you have 256 different characters in use. So, with one character you'll have 256 different combinations. With two characters you'll have 256*256 combinations etc. So you can count the amount of combinations simply with a formula:

Code:
`combinations = 256^x, where x = amount of characters`
Thus with 8 characters you'll have 256^8 = 18 446 744 073 709 551 616 possible combinations. So if one would use BarsWF (350 million tries per second) for brute force MD5 cracking it would take (in worst case scenario) approximately 1671 years and some months more. But if you use only lower case characters then your password would crack in a little less than 10 minutes in the worst possible scenario (for the cracker that is).

Remember folks though, if you are using normal words which can be found in a dictionary or which are common names etc your password WILL break in no time.

8. Originally Posted by Ember
8 characters with all ASCII characters = 18 446 744 073 709 551 616 different combinations, 10 characters = 1 208 925 819 614 629 174 706 176 - that's 65536 times more combinations! Oh and if you'll use just lower case US/UK characters: 8 characters = 208 827 064 576 and with 10 = 141 167 095 653 376.

The difference is staggering, add upper case characters and special characters into your password and you can keep it shorter. Just my two cents into this discussion :P
The problem is you won't be able to use all 256 characters, more like the alphabet, numbers and common extra characters (roughly 20 or so)... which leaves us with 82 characters or so... heck, make it 100 (most will be filtered out and the others depend heavily on the character set used and aren't really safe unless you've tested them in the system, i.e. öäüß).

Currently with GPUs you can compute 2 billion hashes per second per 1000US$ invested. 8 characters as described above takes roughly max. 33 days (probably less, I've got the numbers for a slightly slower app), on average half of that though.

Anything with more than 10 characters is still fairly secure though.

Cheers,
Mike
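The keyspace arithmetic from the two posts above, as an added example that is not part of the original thread: it estimates which alphabet an exhaustive search must cover for a given password, how long the full search takes at a given hash rate, and the shortest length that holds out for a chosen number of years. The function names are hypothetical; the 350 million/s and 2 billion/s rates are the figures quoted in the thread, and a year is taken as 365 days.

```python
import string

SECONDS_PER_YEAR = 365 * 24 * 3600
BARSWF_RATE = 350e6   # hashes/s, figure quoted in the thread
GPU_RATE = 2e9        # hashes/s per 1000 US$, figure quoted in the thread

# Character classes a brute-force search has to include (26, 26, 10, 33).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside printable ASCII: assume the full 256-value range.
    if any(all(ch not in c for c in CLASSES) for ch in password):
        size = 256
    return size


def worst_case_seconds(alphabet, length, rate):
    """Seconds to try every string of exactly `length` characters."""
    return alphabet ** length / rate


def min_length(alphabet, rate, years):
    """Shortest length whose full keyspace takes at least `years` to exhaust."""
    target = years * SECONDS_PER_YEAR * rate
    length = 1
    while alphabet ** length < target:
        length += 1
    return length


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("sandwich", "Sandwich42", "S@ndwich 42"):
        n = alphabet_size(pw)
        days = worst_case_seconds(n, len(pw), GPU_RATE) / 86400
        print(f"{pw!r}: alphabet {n}, length {len(pw)}, "
              f"worst case {days:.3g} days at 2e9 hashes/s")
    print("82-char alphabet, 10 years at 2e9/s needs length",
          min_length(82, GPU_RATE, 10))
```

These figures bound exhaustive search only; a password built from dictionary words falls far sooner than its length and alphabet suggest.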

9. Originally Posted by Lightwolf
The problem is you won't be able to use all 256 characters, more like the alphabet, numbers and common extra characters (roughly 20 or so)... which leaves us with 82 characters or so... heck, make it 100 (most will be filtered out and the others depend heavily on the character set used and aren't really safe unless you've tested them in the system, i.e. öäüß).
Very true, that's why I stated "in the worst possible scenario". It's theoretically possible to use the full extended ASCII range but in practice no one will use it. And if you want to go wild you'll use UTF-8 in all its glory (or heck, even UTF-32!). Typing only strange special symbols as your password in UTF-8 you'll most likely prevent all possible cracking attempts. The fact that you won't most likely remember your password after that is a completely different matter.

10. That's why I use KeePass' password generator. It makes a password of whatever length you like composed of characters like this: XEA3ne9vPkGy0rjYaVdv (an actual password, but I'm not saying which site for... ) and then for ones I need to remember and not just store, I use a line from a poem or song, or quote from a film - something on the order of 30 chars or so. Sure it's words, but using Camel case or l33t number transposition helps.

B
PS. I can thoroughly recommend xmarks too!

11. Originally Posted by IMI
But is there anything that CAN'T be cracked? I find it difficult getting my head around the possibility even software can figure out even an eight character password within any reasonable time period.
Like I told some students a while back - If it's turned on... it can be hacked. When it's not turned on... it can be stolen (then hacked). If someone wants the information bad enough, they can get it.

With the right equipment I can grab everything off your system even if it's not connected to a network. If I can get close enough, I can take it while sitting in your driveway eating a ham sandwich.

12. Originally Posted by Hopper
I can take it while sitting in your driveway eating a ham sandwich.
Note to self: do not invite hopper to my driveway with ham sandwich

Note to self: do not invite hopper to my driveway with ham sandwich

No worries.. I no longer use my powers for evil. I got a little overconfident in college once and got caught. They put me on the "bad list of boys and girls". I was too pompous to consider that there might be someone out there smart enough to catch me. Live and learn. There's always someone out there that's better.

14. I wanna know where the ham sammich comes in, why it's been apparently revealed as necessary, and what hardships are created for the hacker if you substitute ham with turkey.

15. Originally Posted by IMI
I wanna know where the ham sammich comes in, why it's been apparently revealed as necessary, and what hardships are created for the hacker if you substitute ham with turkey.
Hacking without a sandwich is sacrilege. Technically it should be a cheese sandwich (à la Hitchhiker's Guide), but I prefer the pig. You wouldn't want a hungry hacker anyway. A hungry hacker soon gets grumpy and turns into an a-ss hat and causes damage. Ahhh the days when hacking was a respectable endeavor. It had an understood civility to it. I miss those days. Now the term is fraught with implications of thievery and destruction. 'Real' hackers used to get into places they weren't supposed to be just for the fun of it, leave a little calling card and call it a day. Now it's all about stealing and destroying information and monetary gain. What a shame.
