Hackosis is an Open Blog. You Can Participate.

07 Jan

No doubt, Google is the information holder of the universe, even for your insecure passwords. Not long ago Steven J. Murdoch discovered that you could search Google for the MD5 hash of a password and get results that contain the password.

In this case, the MD5 is in the URL:

http://freepages.genealogy.rootsweb.com/~camat/harvey/srn/2/0/20f1aeb7819d7858684c898d1e98c1bb.html

Example of MD5 values in a database

If you didn’t know, MD5 hashes are usually stored in databases in place of a password (or used to verify file integrity). The password is passed through an algorithm to compute the hash value. This ‘secures’ the password and prevents anyone from reading it in plain text. How long it takes to recover the original value from the hash depends on the size and complexity of your password. Recovery is done by brute force: hashing candidate values until one produces the same hash.

There are some other sites for searching for MD5 values.

What happened in Steven Murdoch’s case is that a WordPress user elevated his privileges to administrator and compromised the Light Blue Touchpaper Blog. While investigating and cleaning up after the incident, Steven was curious as to what the password might be, so he pulled the hash from the WordPress database and Googled it. There was his answer.

You can compute the MD5 hash of your password online — or if that doesn’t leave you feeling safe you could use xB Browser or a local application.

Interested in recovering MD5 hashes? Rainbow tables anyone?
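An added example (not code from the original post or from WordPress) of why a stored MD5 value can simply be looked up, next to a storage scheme where the same lookup finds nothing. It goes beyond the post by using a per-user salt with PBKDF2; the sample passwords, the `PUBLIC_INDEX` stand-in for a search index, the function names and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for any public index of hash -> text.
COMMON_PASSWORDS = ["letmein", "password1", "sunshine"]
PUBLIC_INDEX = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def store_md5(password: str) -> str:
    """Weak: unsalted MD5, the scheme described in the post."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password: str) -> dict:
    """Hardened: random per-user salt plus an iterated key derivation."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_pbkdf2(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def found_in_index(stored_hash: str) -> bool:
    """True if a plain lookup of the stored value reveals the password."""
    return stored_hash in PUBLIC_INDEX


if __name__ == "__main__":
    alice, bob = store_md5("letmein"), store_md5("letmein")
    print("MD5 records identical:", alice == bob, "| searchable:", found_in_index(alice))
    a2, b2 = store_pbkdf2("letmein"), store_pbkdf2("letmein")
    print("PBKDF2 records identical:", a2["hash"] == b2["hash"],
          "| searchable:", found_in_index(a2["hash"]))
    print("PBKDF2 still verifies:", verify_pbkdf2("letmein", a2))
```

Because unsalted MD5 is deterministic, every account using the same password stores the same value, so one indexed page exposes all of them; the salted records differ per user and still verify at login.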




One Comment

  1. hictio Says:

    “…user elevated his privileges to administrator and comprised the Light Blue Touchpaper Blog.”

    Sorry, but it is ‘compromised’, right?
