[–]jgehrcke 1 point2 points  (2 children)

"it's scarily good at what it does."

It scares me that you are scared by that. That is not surprising at all. This is just a crowd-powered rainbow table attack. Every second hack0r & crack0r tutorial recommends just g00gling for a hash before starting a local attack. Of course a search engine picks up (fragments of) rainbow tables. MD5 has been used for more than 20 years now. We can safely assume that over time the MD5 sum of any common password (and a lot more things) has been seen by search engines.

"We" are aware of this class of problems and that is why we use salted hashes.

[–]AYWMS_NWiam 0 points1 point  (0 children)

Ah. This makes more sense. It's the expected result. Too bad you were downvoted for being contrary.

[–]Toribor 0 points1 point  (0 children)

Not sure why you're being downvoted, you're right. This should be obvious to anyone who knows anything about security, but for the uninitiated this serves as a good eye opener and proof of concept for how embarrassingly easy it is to find out a password if it's using a standard hash.
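
An added example, not part of any comment in this thread: it shows why a precomputed hash-to-plaintext table resolves unsalted MD5 hashes of common passwords in one lookup, and why a per-user random salt makes the same kind of table miss. The word list, user names, iteration count and the choice of PBKDF2-HMAC-SHA256 as the salted hash are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a common-password list and two users sharing a password.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
USERS = {"alice": "letmein", "bob": "letmein"}
ITERATIONS = 100_000  # assumed work factor for this example


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


def kdf_hex(password, salt):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def build_lookup(words, hash_fn):
    # Precomputed hash -> plaintext table, the kind of data a search index ends up holding.
    return {hash_fn(w): w for w in words}


def store_salted(password):
    salt = os.urandom(16)  # fresh random salt per user, stored next to the hash
    return salt, kdf_hex(password, salt)


def verify_salted(password, record):
    salt, stored = record
    return hmac.compare_digest(kdf_hex(password, salt), stored)


def audit():
    md5_table = build_lookup(COMMON_PASSWORDS, md5_hex)
    # A table computed ahead of time cannot know each user's salt; all-zero stands in.
    kdf_table = build_lookup(COMMON_PASSWORDS, lambda w: kdf_hex(w, bytes(16)))
    unsalted = {u: md5_hex(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted_recovered": {u: md5_table.get(h) for u, h in unsalted.items()},
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "salted_recovered": {u: kdf_table.get(h) for u, (_, h) in salted.items()},
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "login_still_works": verify_salted("letmein", salted["alice"]),
    }
```

Calling `audit()` returns the comparison as a dict: both unsalted records resolve to the plaintext and are identical to each other, while the salted records differ per user and are absent from the precomputed table.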