[CLUE-Tech] Re: [CLUE-TechDSL (Cisco Modem) - passwords

[Jeremiah Stanley]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> From some research I did last night it seems MD5 is a one way
> encryption.  I had to started to write a program to try and reverse
> the algorythm.  I have code for doing MD5 so I thought I would try and
> go the other way.  No such luck :^( .

Just for a reference to "crack" MD5 you would need to have all of the 
worlds computers working on this 24/7/365, take into account Moore's Law 
in this too. Now ignore the storage requirements for this with the ratio 
of 1 silicon atom to 1 bit of storage, which puts the storage requirement 
for this project at about twice the estimated amount of silicon in the 
universe. It would still take you 2^212 years, by that time I'm sure the 
sun will have supernova'd us all the component atoms wasting all those 
cycles we could have used to play solitaire and cure cancer. You may 
have better luck throwing in some differential calc and working against 
linear equations and all but it still hasn't been proven that MD5 is 
weak to anything but brute force. ;)

- ----- Newbie Reference Here -----
MD5 is a hashing algorithm, it really isn't intended to be used the 
encrypt data. It is a way of taking an arbitrary sized piece of data (like 
a debian ISO) and turn that into a 128bit number. If you run md5sum on a 
file and I run md5sum on the same file, we should get the same number out 
of the program. But, if I change just one bit of the file, the number (in 
binary) should have a difference of at least 50% in the number returned. 
So that way when I download the ISO I can tell if my download was janky.
- ----- End Newbie Reference -----

> At 07:28 PM 1/4/02 -0500, you wrote:
> > >
> > > Anyone know how to reverse MD5 encryption? :^)
> > >
> >I left my PIII 500 going at it for a LONG time using john the ripper.  For
> >fun, I found the previous sysAdmin's password, so I tried to crack it.  No
> >such luck.  It was "fun" though, letting my system work all the time.

If you let ol John run long enough. He will "brute force" guess the 
password correctly. My personal root password at home here took my Duron 
700 about 126 hours to crack. While most dictionary words will be done in 
a matter of seconds.

John works by MD5'ing strings in his dictionary and seeing if they match 
what is pulled out of /etc/shadow. Once he is done with his dictionary he 
will work on small permutations of those words (like S=$, etc) and then 
good ol John will start trying 16-128 bit strings sequentially until he 
eventually cracks your password. This is why changing your passwords every 
few weeks is a Good Thing(tm). John The Ripper is a wonderful tool for 
this type of work.

For anybody who runs systems with lots of users that can set their own 
passwords I suggest using PAM's cracklib support and regularly checking 
/etc/shadow for 'weak' passwords. By weak I mean words found in a 
dictionary.

If you are interested in knowing more about cryptography and cryptanalysis 
I suggest reading Bruce Schneier's 'Applied Cryptography'. It is a little 
old (1996), but all the core stuff you'll need to know is in there. You'll 
need to have a decent grounding in C to understand most of what goes on 
under the hood, but the writing style is light and quick so it's easy to 
stay entertained.

Hope this helps, and didn't confuse!

Jeremiah Stanley
- -- 
Give a man a match, and he'll be warm for a minute, but set him on fire, and
he'll be warm for the rest of his life.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8OPo1Ad8Nj1SHkdcRAgBzAKCECk2cq2sAwNPU+zqqgSAlcGk+0QCfYnJJ
XBssMxJqxNDXGb7c71oTyb4=
=U8Jj
-----END PGP SIGNATURE-----