We have a simple hasher we use for hashing non-salted guids that looks like this in c#:
static void Main(string[] args) {
Console.WriteLine("Hashing : {0}", args[0]);
Console.WriteLine("Hashed : {0}", FormsAuthentication.HashPasswordForStoringInConfigFile(args[0], "SHA1"));
}
If you take the list of leaked hashes, and hash the password "footba!!" (93214AAA02F99EC127A698836B33337EF7C8BB2C), then search the text file for that hash, you will find it. Someone used the password "footba!!" in linkedin.
It's simple to start off with "a", hash that, and then move to "b" and continue all the way down to "abc[ect]" building a huge table of pre-hashed passwords.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Yuri Nahum
Sent: Sunday, June 10, 2012 9:29 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Password cracking
Hey Guys,
Are there some openly available lists of hashed passwords to play around
with? I know, surely Google knows some of those, but it seems I'm to
stupid to find them.
My second question concerns Rainbow tables. It's quite simple, but I
cannot grasp this reduction function which maps a hashvalue to a
possible password. Are there some agreed-upon standards? What does this
function look like, say, if I wanted to implement it.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
static void Main(string[] args) {
Console.WriteLine("Hashing : {0}", args[0]);
Console.WriteLine("Hashed : {0}", FormsAuthentication.HashPasswordForStoringInConfigFile(args[0], "SHA1"));
}
If you take the list of leaked hashes, and hash the password "footba!!" (93214AAA02F99EC127A698836B33337EF7C8BB2C), then search the text file for that hash, you will find it. Someone used the password "footba!!" in linkedin.
It's simple to start off with "a", hash that, and then move to "b" and continue all the way down to "abc[ect]" building a huge table of pre-hashed passwords.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Yuri Nahum
Sent: Sunday, June 10, 2012 9:29 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Password cracking
Hey Guys,
Are there some openly available lists of hashed passwords to play around
with? I know, surely Google knows some of those, but it seems I'm to
stupid to find them.
My second question concerns Rainbow tables. It's quite simple, but I
cannot grasp this reduction function which maps a hashvalue to a
possible password. Are there some agreed-upon standards? What does this
function look like, say, if I wanted to implement it.
Best regards
Yuri
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]