Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Md5 and dictionary words


Md5 and dictionary words

By ghostghost | 3959 Reads |
0     0

What is this article about: Alot of times people are to stupid to use dictionary word as a password. (Web)programmers know that dictionary words as password are unsave. But alot of time’s they forget that “normal” people still use dictionary word as passwords and they don’t “protect” there site for this.

Exemple: Lets say a website maker decrypt his members passwords as md5. He thinks his members are save. Even if a hacker gets a md5 hash or database backup. Because he thinks md5 can’t be decryted. Now a member’s password is “secret” and the hash is 5ebe2294ecd0e0f08eab7690d2a6ee69.

Using a simple Md5 lookup table (www.md5lookup.com) we can find the password; “secret”. (brute forcing it would ofcourse work but would take longer.)

Prevent it: This is easy. -You can add a prefix to the password. -You can also double crypt it -Or both (php example)

<?php
$password = "secret"; 
$salt = "567_";
$new_password = md5(crypt($password, $salt)); /*thanks to Grindordie for the tip on the crypt function so it isnt random*/
echo "Dubbel encryted hash:  ".$new_password; 
?>```
 
This will make a0b6da60b13c51db029f75f33e4c139f. Cracking that would be alot harder.
Because encryting this won’t make a dictionary word and have to be brute forced.
Saving $new_password to the database would be saver. Then Just $password.
Decrypting it isn’t impossible because every encrytion can be decrypted using brute force.
But it would be very hard and take ages.

**The end:**
That was it. 
Please rate. 
Goofy

Comments
ghost's avatar
ghost 18 years ago

Well if the personn don't know it's salted it's harder to decrypt for sure but if he know how it's salted it's the same as cracking a normal md5 hash. BTW double encryption have already been covered on this site try to post new stuff not stuff that we have seen over and over.

ghost's avatar
ghost 18 years ago

Thanks Grindordie. Didn't know that.