« Firefox Adsense WordPress PluginHackers Declare Total War against Scientology »
Web Applications like phpBB, WordPress, almost all online apps with authorization capability store user passwords by creating an encrypted hash of your password. The hash is unique to the password so hashing the password in the future will result in the same hash every time.
Usernames and Hashes
So if your password is google and your username is rocks, your app will store you as [user:md5 hash of google] When you enter your username and password to login later, the app compares the md5 hash of your submitted password to the stored hash.
rocks=c822c1b63853ed273b89687ac505f9fa
Cracking Hashes
A hash is encrypted, meaning you can’t reverse-engineer it to find the plain-text. So to crack a hash you have to create a hash for each guess until the hashes match, which tells you the plain-text of the encrypted password.
Rainbow Tables
To speed up this process programmers have created pre-generated tables containing trillions of [plaintext=hash]. So you can quickly search a table for the encrypted hash, and if it finds a match it tells you the decrypted plaintext string.
Test Your Password
I’ve put up a new tool to check the strength of your password hash, which you can use to see if one of your md5 or sha1 password hashes have already been cracked (meaning they are in the rainbow table), so you can be proactive in your security posture.
If you have a user account on forum software like phpBB, or really any web application that stores hashes in a database of some kind, you should find your hash and test it. If it is cracked then you should change your password to include both numbers, symbols, and letters at least 8 characters long.
You can also enter in a plaintxt password and the tool will compute the md5 and sha1 hashes of that password and test those. Your plaintext password is never directly sent to a server, but the md5 and sha1 hashes are.
« Firefox Adsense WordPress Plugin
Hackers Declare Total War against Scientology »
Similar Reads
- Top 5 Vulnerability Port Scanners
- Pen-testing Security Tools
- Advanced WordPress wp-config.php Tweaks
- AskApache Password Protection, For WordPress
- Debug apache log files from php
- Log all .htaccess/.htpasswd logins
- COMPUTER SECURITY TOOLBOX
- Security Enhancing with htaccess
- Security with Apache htaccess Tutorial
- htaccess HTTPS / SSL Tips, Tricks, and Hacks
- Update: AskApache Password Protect Plugin
- New Version of Password Protection Plugin
- Changing Any Password On XP
- Apache Authentication in htaccess
- WordPress Plugin for Apache .htaccess Security
My Picks
- THE Mod_Rewrite Cheatsheet
- AskApache .bash_profile
- Elite Log Viewing
- THE Ultimate Htaccess
- Intense Windows Speed
- DNS: Round Robin Speed
- Fsockopen: Nuts
Related Articles
- Top 5 Vulnerability Port Scanners
- Pen-testing Security Tools
- Advanced WordPress wp-config.php Twea
- AskApache Password Protection, For Wo
- Debug apache log files from php
- Log all .htaccess/.htpasswd logins
- COMPUTER SECURITY TOOLBOX
- Security Enhancing with htaccess
- Security with Apache htaccess Tutoria
- Update: AskApache Password Protect Pl
- New Version of Password Protection Pl
- Changing Any Password On XP
- Apache Authentication in htaccess
Newest Posts
- Update: Best Free Online Banking
- Firefox Add-ons for Web Developers
- Optimizing Servers and Processes for Speed with ionice, nice, ulimit
Random
Donate
Please consider donating to support active development of the free software and articles here.
Good Causes
The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee
Reader Comments
It's very simple - you read the protocol and write the code. -Bill Joy
HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | TLDP | WAI | DISA | ICSI | GIAC | SANS RR | GHOST | DEFCON | NIST | DHS CYBER | NIST
↑ TOPExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd
Ok sounds all good but how do you get you hash for you password?