How to use a database to crack MD5 - Vulnerability warning - Black Bar Safety Net

2009-12-11T00:00:00
ID MYHACK58:62200925569
Type myhack58
Reporter Anonymous
Modified 2009-12-11T00:00:00

Description

Why is MD5 unsafe for short passwords?

With the help of a database, a password made up of 4 lowercase letters can be cracked in 0.005 s. This time includes the time needed to connect to the database, and the test ran on my 900 MHz personal PC.

Note that what we discuss here is a way of thinking about cracking passwords; we do not provide a specific method. If that is not what you are looking for, the rest of this article will not contain what you want.

A few days ago, while reading about MD5, an idea suddenly occurred to me:

By taking advantage of the storage and retrieval strengths of a massive database, cracking the one-way MD5 hash of a short password should not be a big problem.

First, assume the password is 6 characters long, a length that many forums use. If the password consists only of lowercase letters, the database has to store 26^6 records, each 6 + 40 = 46 bytes long, so the size of the database is 14210125696 bytes, about 14 GB. For a large database, this amount of data is not large.

To let my computer carry out the idea faster, I assume a password of four lowercase letters. Let us look at the process below.

My running environment:

Windows XP Pro, Apache 1.x.3, MySQL 3.23.49, PHP 4.0.6.

CPU clock 900 MHz, memory 256 MB.

First, I created a database named md in MySQL, with a table named md that stores each password and its MD5 hash.

The table structure is as follows:

Then a program adds the data to it:

<?php
// Connect and select the database.
// The mysql_* API matches the PHP 4 environment above; it was removed in PHP 7 (mysqli or PDO replace it).
$link = mysql_connect("localhost", "root", "") or die("Could not connect");
print "Connected successfully<br>";
mysql_select_db("md") or die("Could not select database");

// Current time in seconds, with microsecond resolution.
function getmicrotime()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

$time_start = getmicrotime();
set_time_limit(0); // building the table takes minutes, so lift the execution limit

echo '<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>md5</title>
<style>
<!--
html { font-family: Verdana; font-size: 9pt }
-->
</style>
</head>
<body>';

// Create every 4-letter password: ASCII codes 97..122 are 'a'..'z'.
for ($i = 97; $i < 123; $i++)
{
    for ($j = 97; $j < 123; $j++)
    {
        for ($k = 97; $k < 123; $k++)
        {
            for ($l = 97; $l < 123; $l++)
            {
                $name = chr($i) . chr($j) . chr($k) . chr($l);
                // Hash first, then print, so each line shows the password next to its own hash.
                $md = md5($name);
                echo $name . ' ' . $md . '<br>';
                mysql_query("INSERT INTO md (pass, passmd) VALUES ('$name', '$md');", $link);
            }
        }
    }
}

$time_end = getmicrotime();
$time = $time_end - $time_start;
echo '<center>Runtime: ' . $time . ' seconds</center>';
echo '</body></html>';
?>

Running the program to build the data took me about five minutes.

Then a very simple script implements the password lookup.

<?php
$link = mysql_connect("localhost", "root", "") or die("Could not connect");
print "Connected successfully<br>";
mysql_select_db("md") or die("Could not select database");

// Current time in seconds, with microsecond resolution.
function getmicrotime()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

echo '<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>md5</title>
<style>
<!--
html { font-family: Verdana; font-size: 9pt }
INPUT {
BORDER-RIGHT: #000000 1px solid; BORDER-TOP: #000000 1px solid; BORDER-LEFT: #000000 1px solid; BORDER-BOTTOM: #000000 1px solid; FONT-FAMILY: Verdana
}
-->
</style>
</head>
<body>';

$time_start = getmicrotime();
set_time_limit(0);

// $step and $inpass come from the form below through register_globals (on by default in PHP 4).
// Accept only a 32-character hex MD5 so the submitted value cannot alter the SQL statement.
if (2 == $step && preg_match('/^[0-9a-fA-F]{32}$/', $inpass))
{
    $result = mysql_query("SELECT * FROM md WHERE passmd='$inpass' LIMIT 0, 30", $link);
    while ($row = mysql_fetch_array($result))
    {
        echo '<p>The password is <b>' . $row[0] . '</b></p>';
        echo '<a href="index.php?">click here to go back</a>';
    }
}
else
{
    // No valid hash submitted yet: show the query form.
    echo '
<form method="post">
<input name="inpass"><INPUT TYPE="hidden" name="step" value="2">
<INPUT TYPE="submit">
</form>
';
}

$time_end = getmicrotime();
$time = $time_end - $time_start;
echo '<center>Runtime: ' . $time . ' seconds</center>';
echo '</body></html>';
?>

In this way, cracking a password is easy to achieve.

Below is the demo:

The Query page

Query results

If the database is large enough, cracking MD5 should not be difficult, and the passwords in real use are far fewer than the theoretical number, because people habitually choose simple, memorable passwords. As for the time required, distributed computing is a good choice. Once such a public database is established, MD5 is no longer secure. A good countermeasure is to lengthen your password: a password longer than 13 characters is relatively secure.
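The sizing arithmetic and the lookup idea described above, as an added Python example that is not part of the original article: it reproduces the 14 GB estimate, builds the table for 3-letter passwords in memory, and shows that the same table finds nothing once a salt is mixed into the hash. The function names, the sample password and the salt are constructed for illustration; the 40-byte hash column is the figure the article uses.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase   # the article's assumption: lowercase letters only
HASH_COLUMN_BYTES = 40              # per-row hash storage, the figure the article uses


def table_bytes(length, alphabet_size=len(ALPHABET)):
    """Size of a full table: alphabet_size**length rows of (length + 40) bytes."""
    return alphabet_size ** length * (length + HASH_COLUMN_BYTES)


def md5_hex(password, salt=b""):
    """Hex MD5 of salt + password; an empty salt gives the plain MD5 the article stores."""
    return hashlib.md5(salt + password.encode("ascii")).hexdigest()


def build_table(length):
    """Map md5(password) -> password for every lowercase password of this length."""
    return {
        md5_hex("".join(chars)): "".join(chars)
        for chars in itertools.product(ALPHABET, repeat=length)
    }


if __name__ == "__main__":
    # Storage grows by a factor of 26 for every extra character.
    for n in (4, 6, 8, 13):
        print(f"length {n:2d}: {table_bytes(n):,} bytes")

    table = build_table(3)                      # 26**3 rows, small enough for memory
    stored = md5_hex("dog")                     # constructed sample: unsalted hash
    print("unsalted lookup:", table.get(stored))

    # A per-user salt (constructed value) changes every digest, so the precomputed
    # table has no matching row and would have to be rebuilt for each salt.
    salted = md5_hex("dog", salt=b"constructed-salt")
    print("salted lookup:  ", table.get(salted))
    # Salting only defeats precomputation; a fast hash can still be brute-forced per
    # user, which is why password storage uses a slow KDF (bcrypt, scrypt, Argon2).
```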