doubts on md5 cracking

[moutanabbi]

hello
i have always doubted on those md5 crackers. so i decided to test my self these stuff.
i have created an md5 hash from a fake password
i will wait till some one find it to really believe

here is the hash : 5732c6230fbd678b0e8cd7676c731564

good luck guys

[IvanG]

[D3ad0ne]

Exactly!

What do you mean "i have always doubted on those md5 crackers."?

Since you know how many characters you used to - "created an md5 hash from" you can figure out how long it will take at most to find the plaintext from it.

You can use my calculator - http://hashcrackers.thruhere.net/bruteforce_calc.html check the boxes that pertain to what characters you used then put in the speed of your machine that is cracking it, for example one of my machines can do 4,478.84 billion combinations a second. With all options turned on, a password of 7 characters would take at most 4.3 hours to crack.

i will wait till some one find it to really believe

You could have used any length or combination of characters to make that, why would anyone want waste their time with it?
Maybe if you submit a hash that only has a length of 7 characters then we might entertain your request.

[moutanabbi]

so you mean that more than 8 characters it is a waisting of time ?
i thought that a powerfull md5 cracker will do it for any length !!
come on guys, i thought you re genius guys not lazy ones !!

[BarsMonster]

so you mean that more than 8 characters it is a waisting of time ?
i thought that a powerfull md5 cracker will do it for any length !!
come on guys, i thought you re genius guys not lazy ones !!

Seriously, personal time of most of the guys here costs 40$+ per hour.
I doubt anyone here going to waste any amount of time to impress you.

[D3ad0ne]

so you mean that more than 8 characters it is a waisting of time

Sorry I miss calculated earlier, 7 characters takes a little over 4 hours not 8. A length of 8 takes 17 days, a length of 9 takes 4.5 years. Unless you reduce the character count each time you increase the length. For example if you only do caps/lower letters and numbers with a length of 8 without the special characters it will only take 13 hours instead of 17 days.

So yes a length over 8 characters is a waste of time well about 4.5 years of time at current speeds.

If you really want to test someone go over to http://hashkiller.com as they crack hashes all the time.

[schwarzwaldhacker]

Budden, are you serious???

Code: Select all

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>

<head>
<title>Hash Crackers Bruteforce Calulator</title>
<link rel="stylesheet" href="style.css">
</head>
<script>

function $(a)
{
	return document.getElementById(a);
}

function calc()
{
	var total_chars = calc_chars();
	var pass_length = 1*$("pass_length").value;
	var combinations = Math.pow(total_chars,pass_length);
	
	$("combinations").value = combinations;
	
	$("time").value = calc_time(combinations / $("cps").value);
	
}

function calc_time(s)
{
	if (s          < 60)  return s         + " second(s)";
	if (s/60       < 60)  return s/60      + " minute(s)";
	if (s/60/60    < 24)  return s/3600    + " hour(s)";
	if (s/60/60/24 < 356) return s/3600/24 + " day(s)";
	
	return s/60/60/24/356  + " year(s)";
}

function calc_chars()
{
	var total_chars = 0;
	if($("chars_upper_letters").checked == true) total_chars+=26;
	if($("chars_lower_letters").checked == true) total_chars+=26;
	
	if($("chars_numbers").checked == true) total_chars+=10;
	if($("chars_special").checked == true) total_chars+=1*$("chars_special_count").value;
	
	$("chars_total").value=total_chars;
	return total_chars;
}

</script>
<body onload="calc();">

<body background="bg_image.jpg" bgcolor="#ffffff">
<table border="0" cellspacing="1" cellpadding="3" width="780" bgcolor="#004000" 
align=center>
  <tbody>
  <tr>

    <td></td></tr>
  <tr>
    <td bgcolor="#ffffff">
      <p align="center"><img border="0" hspace="0" src="hashcrackers.gif" width="400" height="112"></p>
      <table border="0" cellspacing="0" cellpadding="0" width="780" align="center">
        <tbody>
        <center>

<div style="WIDTH: 340px">
<br>

<h2>Brute Force Calculator</h2>

<p>Password length is <input id="pass_length" onchange="calc();" size="3" value="8"> characters.</p>
<div style="BACKGROUND-COLOR: #eeeeee" align="left">
<p>+<input type="checkbox" id="chars_upper_letters" onclick="calc();"><font color="green">026</font> Upper Letters<br>

<font color="#aaaaaa">ABCDEFGHIJKLMNOPQRSTUVWXYZ</font></p>

<p>+<input type="checkbox" id="chars_lower_letters" onclick="calc();"><font color="green">026</font> Lower Letters<br>

<font color="#aaaaaa">abcdefghijklmnopqrstuvwxyz</font></p>

<p>+<input type="checkbox" id="chars_numbers" onclick="calc();"><font color="green">010</font> Numbers<br>

<font color="#aaaaaa">0123456789</font></p>

<p>+<input type="checkbox" id="chars_special" onclick="calc();"><input id="chars_special_count" value="033" size="1" onchange="calc();" style="COLOR: green"> Special Characters</p>
<hr>
<p>=&nbsp;&nbsp;&nbsp;<input id="chars_total" disabled size="2"> Total characters</p>

</div>

<p>Combinations per second: <input id="cps" onchange="calc();" size="40" value="264000000"></p>
<p>Combinations: <input id="combinations" disabled size="40"></p>

<div style="BACKGROUND-COLOR: #eeeeee">
<p>Time: <input id="time" disabled size="40"></p>
</div>
</div>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
</center>
  <tr>
    <td bgcolor="#004000"><font style="BACKGROUND-COLOR: #004000" 
      color=#ffffff>&nbsp;(c)&nbsp;HashCrackers.thruhere.net 2009. All Rights 
      Reserved.</font></td></tr></tbody></table></tr></tbody></table>

</body>
</html>

But I guess, this is the important part:

function $(a)
{
return document.getElementById(a);
}

function calc()
{
var total_chars = calc_chars();
var pass_length = 1*$("pass_length").value;
var combinations = Math.pow(total_chars,pass_length);

$("combinations").value = combinations;

$("time").value = calc_time(combinations / $("cps").value);

}

function calc_time(s)
{
if (s < 60) return s + " second(s)";
if (s/60 < 60) return s/60 + " minute(s)";
if (s/60/60 < 24) return s/3600 + " hour(s)";
if (s/60/60/24 < 356) return s/3600/24 + " day(s)";

return s/60/60/24/356 + " year(s)";
}

function calc_chars()
{
var total_chars = 0;
if($("chars_upper_letters").checked == true) total_chars+=26;
if($("chars_lower_letters").checked == true) total_chars+=26;

if($("chars_numbers").checked == true) total_chars+=10;
if($("chars_special").checked == true) total_chars+=1*$("chars_special_count").value;

$("chars_total").value=total_chars;
return total_chars;
}

Gone to bed too late, yesterday???

[moutanabbi]

so you mean that more than 8 characters it is a waisting of time

Sorry I miss calculated earlier, 7 characters takes a little over 4 hours not 8. A length of 8 takes 17 days, a length of 9 takes 4.5 years. Unless you reduce the character count each time you increase the length. For example if you only do caps/lower letters and numbers with a length of 8 without the special characters it will only take 13 hours instead of 17 days.

So yes a length over 8 characters is a waste of time well about 4.5 years of time at current speeds.

If you really want to test someone go over to http://hashkiller.com as they crack hashes all the time.

so if you don't know the length of the word, let's say an important password, no one can find it for years , if i understand
why then all these softs and crackers for nothing , is it a game ?

[LordMike]

so you mean that more than 8 characters it is a waisting of time

Sorry I miss calculated earlier, 7 characters takes a little over 4 hours not 8. A length of 8 takes 17 days, a length of 9 takes 4.5 years. Unless you reduce the character count each time you increase the length. For example if you only do caps/lower letters and numbers with a length of 8 without the special characters it will only take 13 hours instead of 17 days.

So yes a length over 8 characters is a waste of time well about 4.5 years of time at current speeds.

If you really want to test someone go over to http://hashkiller.com as they crack hashes all the time.

so if you don't know the length of the word, let's say an important password, no one can find it for years , if i understand
why then all these softs and crackers for nothing , is it a game ?

It's an attempt, and a quick solution for most cases. Mr. and Mrs. World-Citizen don't use 27 character passwords with a combination of aA0~. Only the real hard guys do (Getting their hash is prob. the hardest here). So if I were to recover my aunts password, short but forgotten, I'll be able to 'recover' it through bruteforcing.

Also. Running a site combining the computational power from many computers is a quest and a challenge. Barsmonster took it up, and is well on his way. I myself believe he has a little internal joy everytime the community responds positively or if something works out. This I don't know if you understand, but I too find that joy when my projects work out. Often the joy alone is a motivator for going new ways.

[moutanabbi]

how come no remarks that a year is 365.25 days !! not 356 !!

function calc_time(s)
{
if (s < 60) return s + " second(s)";
if (s/60 < 60) return s/60 + " minute(s)";
if (s/60/60 < 24) return s/3600 + " hour(s)";
if (s/60/60/24 < 356) return s/3600/24 + " day(s)";

return s/60/60/24/356 + " year(s)";
}

[panda]

so if you don't know the length of the word, let's say an important password, no one can find it for years , if i understand
why then all these softs and crackers for nothing , is it a game ?

There are wordlists aswell. Lists with lots and lots of words that you can also check with and try to recover passwords. Just because you have a password with 20 chars doesnt mean its _completely_ safe. Remember NOTHING is completely safe.

[D3ad0ne]

how come no remarks that a year is 365.25 days

Nice catch... Fixed.

[moutanabbi]

so if you don't know the length of the word, let's say an important password, no one can find it for years , if i understand
why then all these softs and crackers for nothing , is it a game ?

There are wordlists aswell. Lists with lots and lots of words that you can also check with and try to recover passwords. Just because you have a password with 20 chars doesnt mean its _completely_ safe. Remember NOTHING is completely safe.

would you help me find this one then ? not really an expert from my side

[LordMike]

so if you don't know the length of the word, let's say an important password, no one can find it for years , if i understand
why then all these softs and crackers for nothing , is it a game ?

There are wordlists aswell. Lists with lots and lots of words that you can also check with and try to recover passwords. Just because you have a password with 20 chars doesnt mean its _completely_ safe. Remember NOTHING is completely safe.

would you help me find this one then ? not really an expert from my side

Find what?

[moutanabbi]

would you help me find this one then ? not really an expert from my side

Find what?

the hash above

[LordMike]

would you help me find this one then ? not really an expert from my side

Find what?

the hash above

But don't you know it?..
Since you made a random password?...

[moutanabbi]

the hash above

But don't you know it?..
Since you made a random password?...

sorry forgot to add ht eone i was talkin about !!
this one i mean : 2bcc46648992b8cb82e0a3d1ce3fb1fb

[Stavros]

He just wants someone to crack a hash for him so he made up this stupid story about doubting, don't you guys get it?

A mod should delete this whole thread.

[D3ad0ne]

I think most of us figured that out. He can check out - http://hashkiller.com/ they do that kind of stuff on that site.

[LordMike]

For a note, it came to me when he asked about another hash...

Nice knowing internet people aren't all dumb (Although this forum attracts brighter people )

[Sc00bz]

Well the obvious answer to a problem like this is to give a reply of "the md5 of 'hello' and the password is ...."

If the hash was "D8578EDF8458CE06FBC5BB76A58C5CA4" which is just the md5 "qwerty"
Then your reply would be "the md5 of 'hello' and the password is 996EB1C6D3EB5ADCC5785DFE972A4A5F"
Since he "knows" the password he can easily check that you know the password too by hashing "helloqwerty" and comparing it to "996EB1C6D3EB5ADCC5785DFE972A4A5F."