Monday, February 19, 2007

You call that a game? This is a......

Firstly, sorry for the lack of updates, I've really been too busy to come up with anything interesting to write, and haven't found anything particularly interesting to write about.

Now, onto the bad title. I found the following "game" on Digg: and decided to see exactly how effective the SHA-1 rainbow tables I had found were.

Now, the first thing I tried was using since you can crack up to 50 hashes at a time (50 because that is the limit per IP). So I ran the list of hashes against (using a proxy for the second 50) and got quite good results; I think that at least 50 (I wasn't counting) of the hashes I cracked came from

After this I ran the remaining hashes against and and was able to crack a further 20 hashes.

I tried running the remaining 30 against, but got no results (which doesn't really say anything since the only ones left were the ones no-one else could get), and I got interrupted while running the hashes against, which during the time I was away went down, and I don't have an account on (if anyone does, I'd really appreciate it if you got in contact with me), and seems to be down for maintenance.

So while this little anecdote can't testify to the usefulness of any single site (other than, it clearly illustrates that it doesn't matter what hashing algorithm you use if you do not salt the data first, and your users use poor passwords. But we already knew that, so *shrug*.
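The closing point, as an added example that is not part of the original post: a table precomputed once resolves unsalted hashes of common passwords under SHA-1 and SHA-256 alike, while a per-user random salt makes the same table miss. The wordlist, user passwords and function names are constructed for illustration.

```python
import hashlib
import os

# Constructed wordlist standing in for the coverage of a precomputed table.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "dragon"]

def build_lookup(algorithm, candidates):
    """Precompute digest -> plaintext once; reusable against every unsalted hash."""
    return {hashlib.new(algorithm, c.encode()).hexdigest(): c for c in candidates}

def hash_unsalted(algorithm, password):
    """Store only H(password): identical passwords give identical digests."""
    return hashlib.new(algorithm, password.encode()).hexdigest()

def hash_salted(algorithm, password, salt=None):
    """Store (salt, H(salt || password)) with a fresh random salt per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.new(algorithm, salt + password.encode()).hexdigest()
    return salt.hex(), digest

def recovered_by_table(table, digests):
    """Return {digest: plaintext} for stored digests the precomputed table resolves."""
    return {d: table[d] for d in digests if d in table}

def audit(algorithm, user_passwords):
    """Count how many stored hashes the table resolves, unsalted vs. salted."""
    table = build_lookup(algorithm, COMMON_PASSWORDS)
    unsalted = [hash_unsalted(algorithm, p) for p in user_passwords]
    salted = [hash_salted(algorithm, p)[1] for p in user_passwords]
    return (len(recovered_by_table(table, unsalted)),
            len(recovered_by_table(table, salted)))

if __name__ == "__main__":
    users = ["password", "letmein", "T7#vq9!xLm2p"]  # constructed sample accounts
    for alg in ("sha1", "sha256"):
        hit_unsalted, hit_salted = audit(alg, users)
        print(f"{alg}: unsalted resolved {hit_unsalted}/{len(users)}, "
              f"salted resolved {hit_salted}/{len(users)}")
```

The salt only removes the precomputation advantage; a poor password can still be guessed against its own salted hash, which is the second half of the point above.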
