<rt id="bn8ez"></rt>
<label id="bn8ez"></label>

  • <span id="bn8ez"></span>

    <label id="bn8ez"><meter id="bn8ez"></meter></label>

    Dev@Free

    zJun's Tech Weblog

    [轉] 破解MySQL的MD5函數

    As per the documentation on MySQL I moved the storage of passwords from using Password() to using MD5(). I read a number of places that stated that this was a method that couldn't be reversed and it was far more secure than the previous method. I was feeling confident that life was about to get a little more secure. While going through my daily RSS feeds and mailing lists for SpikeSource , I happenned upon a thread about someone discussing how easy it was to break MD5 hashes. It was a simple matter of using a brute force algorithm to check all the different combinations.

    Eager to try this out for myself, I did a quick Google and found a Project RainbowCrack which was a Windows/Linux utility that would brute force crack MD5 hashes amongst other secure algorithms. Thinking it would be shrouded in mathematical terms and phrases unfamiliar to me I didn't hold out much hope that I could get it to do what I wanted; to take a sample of passwords that were stored in MySQL database tables using the MD5() function and crack them for me.

    The project builds a number of lookup tables to make the whole process a lot quicker. This in all fairness only took about 18hours to complete on my dual processor 3GHZ machine. After the tables where built it was a simple matter of running a simple command line utility to crack the MD5 hash. Time taken? 1.26seconds! That's how secure MySQL passwords encoded with MD5() are at this precise moment.

    Some sample output from RainbowCrack

    				e:\rainbowcrack-1.2-win>rcrack *.rt -h 7694f4a66316e53c8cdd9d9954bd611d
    md5_loweralpha#1-7_0_2100x8000000_all.rt:
    128000000 bytes read, disk access time: 6.23 s
    verifying the file...
    searching for 1 hash...
    plaintext of 7694f4a66316e53c8cdd9d9954bd611d is qlkjalkj
    cryptanalysis time: 1.52 s
    statistics
    -------------------------------------------------------
    plaintext found:          1 of 1 (100.00%)
    total disk access time:   6.23 s
    total cryptanalysis time: 1.52 s
    total chain walk step:    403651
    total false alarm:        388
    total chain walk step due to false alarm: 579374
    result
    -------------------------------------------------------
    7694f4a66316e53c8cdd9d9954bd611d  qlkjalkj  hex:71
    
    		

    So really, the only reason to store passwords using MD5() would be to discourage the casual hacker, but it is by no means a secure method as some sites would have you believe. It is fair to note that the RainbowCrack documentation states that salted MD5 hashes can't be broken, but MySQL doesn't salt their implementation so it makes no difference here.

    posted on 2007-01-17 16:22 zJun's帛羅閣 閱讀(2594) 評論(0)  編輯  收藏 所屬分類: 數據庫

    導航

    <2007年1月>
    31123456
    78910111213
    14151617181920
    21222324252627
    28293031123
    45678910

    統計

    常用鏈接

    留言簿(15)

    隨筆分類

    隨筆檔案

    相冊

    收藏夾

    博客

    文檔

    站點

    論壇

    搜索

    積分與排名

    最新評論

    閱讀排行榜

    評論排行榜

    主站蜘蛛池模板: 亚洲男人电影天堂| 中文字幕精品亚洲无线码一区| 精品久久久久亚洲| 免费无码婬片aaa直播表情| 亚洲免费观看视频| 亚洲国产精品嫩草影院在线观看 | 最近免费中文字幕大全高清大全1 最近免费中文字幕mv在线电影 | 亚洲综合中文字幕无线码| 欧洲乱码伦视频免费| 亚洲乱码中文字幕小综合| 一级特黄a免费大片| 国产成人高清亚洲| 在线观看免费无码视频| 成人免费无码视频在线网站| 亚洲最大无码中文字幕| 国产成人在线观看免费网站| 黄色a级片免费看| 亚洲国产成人高清在线观看| 69pao强力打造免费高清| 日本亚洲精品色婷婷在线影院| 浮力影院第一页小视频国产在线观看免费 | 日本亚洲视频在线| 2021免费日韩视频网| 亚洲国产精品久久久久秋霞小| 亚洲精品美女久久久久99小说| a级日本高清免费看| 亚洲成电影在线观看青青| 日本xxwwxxww在线视频免费| 成年大片免费高清在线看黄| 国产在线国偷精品产拍免费| 国产精品亚洲专区在线播放| 16女性下面无遮挡免费| 亚洲七久久之综合七久久| 亚洲欧洲精品成人久久曰影片| 日韩插啊免费视频在线观看| 国产亚洲精品影视在线产品| 亚洲免费中文字幕| 污视频网站在线免费看| 亚洲综合久久综合激情久久| 岛国大片免费在线观看| 中文字幕在线视频免费|