Wednesday, January 21, 2009

World's Fastest MD5 Crack

Ever wondered what this "463c8a7593a8a79078cb5c119424e62a" MD5 string means? Well, I don't, and probably never will (I am no God).

Let's say you get your hands on a database that stores so-called hashed passwords using MD5 (without salts) and you would like to reverse a hash (yes, I said reverse an MD5 hash, how kewl). Then try this tool from Svarychevski Michail Aleksandrovich called BarsWF. It's by far the world's fastest MD5 cracker.

There are multiple versions, some use the power of your video card and some just the CPU to run the process.

AMD BROOK Beta 0.9: - ATi/AMD card 2xxx, 3xxx, 4xxx
BarsWF Brook x64
BarsWF Brook x32

CUDA 0.8: - nVidia GeForce 8xxx and up, at least 256mb of video memory.
BarsWF CUDA x64
BarsWF CUDA x32

SSE2: (P4, Core2Duo, Athlon64, Sempron64, Phenom)
BarsWF SSE x64
BarsWF SSE x32

It took me a couple of seconds to unhash "pass", and as I am writing this, I am trying to unhash another "complex" password of mine from a (web-based) application that stores its passwords in MD5.

Check out my CPU and the application in action


Just download the appropriate version, or use the SSE2 one if you are unsure, and try to crack the hash "463c8a7593a8a79078cb5c119424e62a" seen above. Location: http://3.14.by/en/md5

To give you a hint and make life easy, the string behind this MD5 has lowercase letters only :).

So, to run the tool knowing the "hint" above (in real life you won't really know and will just have to guess; of course, more complex phrases and greater length will definitely increase the time it takes to reverse):

BarsWF_SSE2_x32.exe -h 463c8a7593a8a79078cb5c119424e62a -c a
[the .exe] + -h [the hashed Md5 string] + -c [a]

Usage:
-? Prints this help
-r Continue previous work from barswf.save BarsWF updates it every 5 minutes or on exit
-h [hash] Set hash to attack
-c 0aA~ Set charset. 0 - digits, a - small chars , A - capitals, ~ - special symbols
-C "abc23#" Add custom characters to charset.
-X "0D0A00" Add custom characters in hex to charset.
-min_len 3 Minimal password length. Default 0. MAX 15!!! :-]


Once you've run the command above, let me know the value of the MD5 string :). Have fun.

One tip: notice the 15-character MAX. That means that if you are planning to use MD5, encourage the use of >15 chars; it is computationally very, very, very hard to crack that in humanly possible time.
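The storage side of the same problem, as an added example that is not from the original post or the BarsWF project: the unsalted MD5 scheme described above next to a salted, slow PBKDF2-HMAC-SHA256 record with constant-time verification. The function names, the record format, the iteration count and the salt size are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware
SALT_BYTES = 16              # assumed salt size

def md5_unsalted(password: str) -> str:
    """Weak scheme from the post: one fast MD5 call, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str) -> str:
    """Salted, deliberately slow hash stored as 'iterations$salt_hex$digest_hex'."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        iterations_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if iterations <= 0 or not salt or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    alice, bob = "pass", "pass"
    print("md5 equal:   ", md5_unsalted(alice) == md5_unsalted(bob))
    print("pbkdf2 equal:", hash_password(alice) == hash_password(bob))
    print("verify ok:   ", verify_password(alice, hash_password(alice)))
```

With unsalted MD5 the two accounts share one hash, so one recovered value exposes both; with a per-account salt the stored records differ and every guess costs the full iteration count.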

MD5 according to wiki: In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it is now known to be partially insecure[1] thus reducing its suitability for these purposes. An MD5 hash is typically expressed as a 32 digit hexadecimal number.
