 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 312
 Members: 0
 Total: 312
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
MD5 idea |
|
 Posted: Thu Jul 05, 2007 9:51 pm |
 |
|
| agentsteal |
| Regular user |
 |
|
| Joined: Jun 09, 2007 |
| Posts: 5 |
|
|
|
 |
|
 |
|
Right now, MD5s > 8 characters are impossible to brute force. Brute forcing 9 characters alphanumeric takes a year and 10 characters alphanumeric takes 25 years. And rainbow tables can only do up to 8 characters because of the disk space. Most passwords are 9-10 characters so if there was an online cracker that could do up to 10 character passwords, it could make MD5s very insecure.
What if we made an online cracker that runs rainbow tables up to 8 characters and then splits up the keyspace and sends it to 5000 volunteers' computers. By splitting up the keyspace over 5000 computers, we could test a 9-10 character password in a day instead of 26 years. |
|
|
|
|
| Posted: Thu Jul 05, 2007 10:19 pm |
|
|
| Sm0ke |
| Moderator |
 |
|
| Joined: Nov 25, 2006 |
| Posts: 141 |
| Location: Finland |
|
|
|
|
|
|
|
|
|
|
| Posted: Fri Jul 06, 2007 3:26 am |
|
|
| agentsteal |
| Regular user |
|
|
| Joined: Jun 09, 2007 |
| Posts: 5 |
|
|
|
|
|
|
|
well 9 characters alpha is possible but 9 characters alphanumeric takes over a year... and 10 characters alphanumeric takes over 25 years... 11 characters alphanumeric takes over 800 years. milw0rm's cracker only goes up to 7 characters, and they have cracked less than half of their hashes.
But my point is that if we make a project that splits up the keyspace between volunteers' computers and get [the number of years the keyspace takes] * 365 volunteers, we could try the keyspace in a day, and potentially crack keyspaces like alphanumeric 9-11, which would totally make MD5 insecure. |
|
|
|
|
| Posted: Fri Jul 06, 2007 4:18 am |
|
|
| Sm0ke |
| Moderator |
|
|
| Joined: Nov 25, 2006 |
| Posts: 141 |
| Location: Finland |
|
|
|
|
|
|
9-9 loweralpha-numeric would take 25 years to make. If you get 5000 volunteers it will take only 2,94 day per person. But you will never get that mutch volunteers so forget it...  |
|
|
|
|
| Posted: Fri Jul 06, 2007 8:39 am |
|
|
| drag |
| Active user |
|
|
| Joined: May 31, 2007 |
| Posts: 25 |
|
|
|
|
|
|
|
| Rainbow tables as the answer to 'cracking' passwords quickly, and how to imlement this, is always fun for me to think about. I'm more of a hardware engineer than software, and have always thought a fun project would be a hardware based rainbow table generator/cracker. I'm curious to know how well hardware could do the job. I'd bet that a rainbow table custom processor could be 1000x as fast. Would be a really fun project.. if only I had more time. |
|
|
|
|
| Posted: Fri Jul 06, 2007 2:05 pm |
|
|
| Chb |
| Valuable expert |
 |
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Hash related information
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
