Wednesday, December 7, 2011

Cracking MD5 … with Google?!


Here's a piece of news that will worry anyone interested in security (which should be pretty much everyone who reads Network World): A programmer by the name of Juuso Salonen has created a Ruby script called BozoCrack that cracks MD5-hashed passwords with remarkable success and with very little effort.
Before we go any further, let's have a little background: Computer systems need a mechanism to authenticate users and processes so that the good guys can get in to do work and the bad guys are locked out.
The most common authentication method is to use a name and a password, but if you were to store the password in plaintext on the system, you would run the risk that passwords could be exposed. A common solution is to not store the password at all but instead keep something called an MD5 hash of the password.
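The storage scheme described above, as an added Ruby example that is not code from the original post or from BozoCrack. It goes one step beyond the text by placing a salted PBKDF2 record beside the unsalted MD5 one, to show that unsalted MD5 gives the same digest for the same password on every account. The function names, the sample accounts and the iteration count are assumptions.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

PBKDF2_ITERATIONS = 200_000 # assumed work factor for this example

# Scheme from the post: keep only the unsalted MD5 hex digest of the password.
def md5_record(password)
  Digest::MD5.hexdigest(password)
end

def md5_verify(password, stored)
  secure_equal?(md5_record(password), stored)
end

# Audit helper (hypothetical): groups of accounts whose stored digests are identical.
# With unsalted MD5 that means identical passwords, visible to anyone holding the table.
def shared_digests(table)
  table.group_by { |_, digest| digest }.values
       .map { |pairs| pairs.map(&:first) }
       .select { |users| users.size > 1 }
end

# Hardened form: per-account random salt plus a deliberately slow key derivation.
def pbkdf2_record(password, salt = SecureRandom.random_bytes(16), iterations = PBKDF2_ITERATIONS)
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new('SHA256'))
  { salt: salt, iterations: iterations, hash: key }
end

def pbkdf2_verify(password, record)
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, record[:salt], record[:iterations], 32,
                                   OpenSSL::Digest.new('SHA256'))
  secure_equal?(key, record[:hash])
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample accounts, not real data.
  accounts = { 'alice' => 'password', 'bob' => 'letmein', 'carol' => 'password' }
  md5_table = accounts.transform_values { |pw| md5_record(pw) }
  puts "accounts sharing an MD5 digest: #{shared_digests(md5_table).inspect}"
  salted = accounts.transform_values { |pw| pbkdf2_record(pw)[:hash].unpack1('H*') }
  puts "accounts sharing a PBKDF2 hash: #{shared_digests(salted).inspect}"
end
```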