Posted by : Tom Doyle in (Internet & Computers, Web Development) 21st Nov, 2007
Google - the MD5 password cracker!
The Light Blue Touchpaper blog has revealed that Google is a great tool for hackers looking to crack MD5 encrypted passwords. In the article, Stephen explains how he simply “asked google”, what the MD5 encrypted password that a recent attacker had used on the Light Blue Touchpaper website to gain full administration rights.
Google gladly served up a number of results for the “20f1aeb7819d7858684c898d1e98c1bb” search term. It turns out the password the hacker used was “Anthony”.
This just goes to show how important it is to develop a strong password. Typically people would use the name of their dog, wife, husband or even date of birth as their favourite password. But just look how easily it could be compromised by Google:
And that’s just a small selection of passwords that Google reveals! Here’s a nice little tool that will allow you to check your own password and see if Google has a record of it… http://utilitymill.com/utility/Goog_Your_Hash
How do we stop this, couldn’t a tool be made to like a special router that could be used to stop all this nonsense…
Thanks,
Bill
No tool could be created to stop this. The only way this coule be prevented is if Google put in a filter on their search results to filter out these keys (which would be quite difficult to develop) or people just simply stopped posting the keys on the web!
If there are any secrets, there will always be people out there trying to digg them out…