Forgotten your password? Google for It
You break into the blog of a security team - worthy of crowing to your friends. But they break your password back - using Google.
You shouldn't, in theory, be able to extract the original text from an MD5 hash. That would take millions, or at least thousands, of computers running all the time.
But Steven Murdoch began thinking. Who is there out there who has thousands of computers running all the time? Um, everyone. And some might be generating MD5 hashes and putting them on the web...
He took the hash - 20f1aeb7819d7858684c898d1e98c1bb - from the database and stuck it into Google. Lo and behold, it turned out to be "Anthony".
You shouldn't, in theory, be able to extract the original text from an MD5 hash. That would take millions, or at least thousands, of computers running all the time.
But Steven Murdoch began thinking. Who is there out there who has thousands of computers running all the time? Um, everyone. And some might be generating MD5 hashes and putting them on the web...
He took the hash - 20f1aeb7819d7858684c898d1e98c1bb - from the database and stuck it into Google. Lo and behold, it turned out to be "Anthony".
Worrisome though, if it worked there, what about your own favorite password? Well, the article goes on to give a test you can apply; for us, we were safe, for you ... ?
