Finding WordPress hash

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Re: Finding WordPress hash

Post by -Ninjex- on Tue Apr 16, 2013 9:04 am

sordidarchetype wrote:
-Ninjex- wrote:It's not a misconception that "L1quiiD-N!TroG3n" will be more secure than "bobjoe1", that is my argument.
If it wasn't more secure, we wouldn't have such a difficult time creating passwords for hts ;)


I just checked with a few of my friends, and at least three of them have liiquid-nitrogen and liquiid-nitrogen in their dictionaries.

Just to put this in perspective, one of them ran a quick test against an md5 of L1quiiD-N!TroG3n using the new leetspeak rules and it fell within 10 minutes.

I figured that was worth mentioning.


Go compare that to the amount of dictionaries with "bobjoe1" now.
Also keep in mind with a large database dump via SQLi, the attacker would probably run plain text MD5 checks, and not use the leet ruleset.

Impossibility is never a factor. I am stating that if you do as said, it will be more secure. Your argument isn't based correctly. Any password can be cracked or reversed.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Re: Finding WordPress hash

Post by sordidarchetype on Tue Apr 16, 2013 9:26 am

-Ninjex- wrote:Go compare that to the amount of dictionaries with "bobjoe1" now.
Also keep in mind with a large database dump via SQLi, the attacker would probably run plain text MD5 checks, and not use the leet ruleset.

Impossibility is never a factor. I am stating that if you do as said, it will be more secure. Your argument isn't based correctly. Any password can be cracked or reversed.


Actually, team hashcat uses the leetspeak rules a lot. You'd be surprised at the percentage of passwords it can pick up (and for that matter, markov chaining models).

Anyway, my argument was merely that liquid nitrogen (even in leetspeak) is not necessarily harder for a dictionary attack, which is what you originally claimed. HOWEVER, using the same rules you provided earlier:
"LqD 7h!!N 1-,,g+" would actually be extremely difficult for a dictionary.

Just for clarity, I am not saying that your recommendations are incorrect, I am just saying be careful what passwords you do select, because even with those guidelines, pattern prediction is your biggest enemy.
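The point raised in the post above (leetspeak substitutions and doubled letters are predictable patterns), seen from the defender's side as an added example that is not part of the original thread: a password-policy check that undoes common substitutions before looking for dictionary words. The substitution table, the word list and the function names are assumptions constructed for this illustration.

```python
import itertools
import re

# Assumed table of common leetspeak substitutions; "1" can read as "i" or "l".
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}

# Constructed sample word list; a real policy check would load a large one.
WORDS = ["liquid", "nitrogen", "bob", "joe", "password"]


def collapse(text):
    """Squeeze runs of a repeated character: 'liquiid' -> 'liquid'."""
    return re.sub(r"(.)\1+", r"\1", text)


def normalised_forms(password, limit=256):
    """Yield letter-only readings with case, leetspeak, separators and
    doubled letters undone. `limit` bounds the ambiguous combinations."""
    options = [LEET.get(ch, ch) for ch in password.lower()]
    for combo in itertools.islice(itertools.product(*options), limit):
        yield collapse(re.sub(r"[^a-z]", "", "".join(combo)))


def audit(password, wordlist=WORDS, min_len=3):
    """Return (dictionary words found, letters left unexplained) for the
    reading of the password that dictionary words explain best."""
    keys = {collapse(w.lower()): w for w in wordlist if len(w) >= min_len}
    best_hits, best_rest = [], None
    for form in normalised_forms(password):
        hits, rest = [], form
        for key in sorted(keys, key=len, reverse=True):  # longest first
            if key in rest:
                hits.append(keys[key])
                rest = rest.replace(key, "")
        if best_rest is None or len(rest) < best_rest:
            best_hits, best_rest = sorted(hits), len(rest)
    return best_hits, best_rest


if __name__ == "__main__":
    for pw in ("L1quiiD-N!TroG3n", "bobjoe1", "xK9#vQ2&mZ"):
        words, residue = audit(pw)
        print(f"{pw!r}: words={words} unexplained_letters={residue}")
```

A residue of 0 or 1 means dictionary words account for almost the whole password once the substitutions are undone, so a policy check can reject it regardless of how it looks on the surface.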


Re: Finding WordPress hash

Post by -Ninjex- on Tue Apr 16, 2013 10:45 am

sordidarchetype wrote:Anyway, my argument was merely that liquid nitrogen (even in leetspeak) is not necessarily harder for a dictionary attack, which is what you originally claimed.


That argument is false.

Here, let me know when you find the original value of this hash: 01526fa0bdb650a30fc1f512da6f6504

I would be surprised if it was relatively fast


Re: Finding WordPress hash

Post by sordidarchetype on Tue Apr 16, 2013 3:12 pm

-Ninjex- wrote:Here, let me know when you find the original value of this hash: 01526fa0bdb650a30fc1f512da6f6504

I would be surprised if it was relatively fast


So far this has been running for about 3 hours. Honestly, I don't feel like putting any more time into this, as I am in the middle of a few other challenges, so I will concede this one.
:)

Even so, my original statement stands: just be careful what you pick as a password.


Re: Finding WordPress hash

Post by KCCTech on Tue Oct 29, 2013 9:41 pm

Your WordPress password would easily be found provided you don't implement the proper security. There are plugins for WordPress that will let you rename your database tables to prevent nosy nancies from finding them as easily as it would be for someone who knows the name of the tables. I would recommend "Acunetix WP Security" (https://www.acunetix.com/websitesecurit ... ty-plugin/).

Something funny I noticed:
Image


Re: Finding WordPress hash

Post by hellow533 on Tue Oct 29, 2013 10:36 pm

It's 6 months old, I think it hit the necro stage.
“Teach me how to hack!”
"What, like, with an axe?"


Re: Finding WordPress hash

Post by Goatboy on Wed Oct 30, 2013 6:15 pm

Slow down there, cowboy. Let's see what he thought was so funny.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: Finding WordPress hash

Post by mShred on Thu Oct 31, 2013 9:11 pm

I'm honestly not sure what is so funny about that picture... But I'll give it another day to find out.
Then I shall proceed with the lockings.
Image

For those about to rock.


Re: Finding WordPress hash

Post by centip3de on Thu Oct 31, 2013 11:43 pm

Goatboy wrote:Slow down there, cowboy. Let's see what he thought was so funny.


mShred wrote:I'm honestly not sure what is so funny about that picture... But I'll give it another day to find out.
Then I shall proceed with the lockings.


Hey, everyone, I'll tell you what he thought was funny:

He's promoting the "Acunetix WP Security", which is the same thing the advertisement in the picture was promoting.

Okay, this thread is done now.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook

