Comments on: Google as a password cracker http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/ Security Research, Computer Laboratory, University of Cambridge Thu, 18 Mar 2010 03:53:58 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: david http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-51303 david Wed, 10 Mar 2010 19:59:13 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-51303 for some of you looking for a sha1 reverse lookup tool, check this <a href="http://www.stringfunction.com/sha1-decrypter.html" rel="nofollow">sha1 decrypter</a> David for some of you looking for a sha1 reverse lookup tool, check this sha1 decrypter
David

]]> By: david http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-51302 david Wed, 10 Mar 2010 19:57:45 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-51302 hi guys, just found another <a href="http://www.stringfunction.com/md5-decrypter.html" rel="nofollow">md5 decrypter</a> David hi guys,
just found another md5 decrypter
David

]]> By: FoundIt http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-31693 FoundIt Thu, 06 Aug 2009 19:02:03 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-31693 Google Hash: md5(jesus) = 110d46fcd978c24f306cd7fa23464d73 It worked for Jesus! Google Hash: md5(jesus) = 110d46fcd978c24f306cd7fa23464d73

It worked for Jesus!

]]> By: Arya http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-31472 Arya Mon, 20 Jul 2009 10:49:09 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-31472 NIce-let us if you people can crack a pass with One capital letter+small letter+number+special character in it+upto 8 char long. Though there is a way NIce-let us if you people can crack a pass with One capital letter+small letter+number+special character in it+upto 8 char long.
Though there is a way

]]> By: John http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-31254 John Tue, 07 Jul 2009 15:48:27 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-31254 You got pretty lucky that the password was a common/proper dictionary word. I just did a few tests by adding numbers onto some simple random words, and google didn't have anything indexed. Another vote for John The Ripper though. The rules engine is very good and will find things like that quickly. An interesting project would be to develop a tool that would test your clear text password against all the common variation algorithms and help you to pick a password with a high probability of needing a pure brute force crack to discover. Much better than the simple "one letter, one number, one symbol" requirement that a lot of services are doing these days. You got pretty lucky that the password was a common/proper dictionary word. I just did a few tests by adding numbers onto some simple random words, and google didn’t have anything indexed.

Another vote for John The Ripper though. The rules engine is very good and will find things like that quickly.

An interesting project would be to develop a tool that would test your clear text password against all the common variation algorithms and help you to pick a password with a high probability of needing a pure brute force crack to discover. Much better than the simple “one letter, one number, one symbol” requirement that a lot of services are doing these days.

]]> By: Leo Kelly http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-31046 Leo Kelly Tue, 19 May 2009 02:55:35 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-31046 I use http://www.md5crack.com for everything..sometimes it can be a little off, though I use http://www.md5crack.com for everything..sometimes it can be a little off, though

]]> By: brayan http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-31035 brayan Mon, 11 May 2009 00:29:29 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-31035 mirar contraseƱa mirar contraseƱa

]]> By: Lynks http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-31022 Lynks Wed, 29 Apr 2009 23:09:08 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-31022 http://md5.rednoize.com/ has never failed me, and it's even google-themed http://md5.rednoize.com/

has never failed me, and it’s even google-themed

]]> By: linux0wner http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-29765 linux0wner Thu, 28 Aug 2008 09:23:57 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-29765 This is a reverse search for sha-1: http://www.sha1-lookup.com This is a reverse search for sha-1: http://www.sha1-lookup.com

]]> By: ana http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/comment-page-3/#comment-29742 ana Thu, 21 Aug 2008 13:37:28 +0000 http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/#comment-29742 wordpress seem to have many security issues. And so does this site ;) For example when you go the the login page, you can 'test' if there is a username 'admin' (or any other name). If so, then bruteforcing could be tried. also, often wordpress folders like /wp-content/plugins/ or /wp-admin/ are readable. It shows what plugins you use, and often reveals the full path of your files by directly accessing the php files. wordpress seem to have many security issues.

And so does this site ;)
For example when you go the the login page, you can ‘test’ if there is a username ‘admin’ (or any other name). If so, then bruteforcing could be tried.
also, often wordpress folders like
/wp-content/plugins/ or /wp-admin/ are readable.
It shows what plugins you use, and often reveals the full path of your files by directly accessing the php files.

]]>