Wednesday, 14 March 2012

Objective

This blog intends to expose some security algorithms (like MD5, SHA, PGP, etc.) and their respective security breaches / vulnerabilities, even if the only useful thing to post is the code capable of breaking the ciphers created by those algorithms.

Be aware that this blog does not support piracy; it is only meant to publish breakthroughs in cipher decryption.

Published by fxsf at 15:29

Tuesday, 13 March 2012

MD5

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity.

Based on http://www.zedwood.com/article/121/cpp-md5-function, md5.h and md5.cpp contain an implementation of this algorithm. To use it, run generateHashMD5.cpp; it asks for an input (text, numbers, special characters, whatever) and generates a 128-bit hash.

In http://www.knowledgesutra.com/discuss/tmddfi-md5-decryption.html, it is said: "The whole point of MD5 is one way encryption, for things like passwords ..." "... it is impossible to get back the original information because it is either cut or increased to a set length. When people say they can decrypt them back they basically have a massive list of every word in the dictionary and its corresponding MD5 key and it just searches for that key and gives you a word that will also create the same key, but this doesn't mean it's the original data. This is one reason you should have passwords that are not words, as they can be "decrypted" relatively easily."

This means that, despite MD5 being one-way only, brute-force attacks (although the original data's hash may collide with another input's hash) or dictionary attacks (attacks based on commonly known words, like http://www.md5decrypter.com/) can find the original data. Based on brute-force attacks and the code above, I've created a program that calculates hashes exhaustively and compares each one to the given hash; if it matches, the word responsible for that hash is shown. It starts with words of length 1 and increases the length as it goes, until it finds one correct answer: decryptMD5.cpp. Any combination of characters can be used.

 

Example of usage:

Compile:

g++ -g -Wall -o generateHashMD5 generateHashMD5.cpp md5.cpp
g++ -g -Wall -o decryptMD5 decryptMD5.cpp md5.cpp

./generateHashMD5
Word to encrypt:  ~~~~
md5 of '~~~~':  ed790e134796eb704dd092dde146a792

./decryptMD5 ed790e134796eb704dd092dde146a792
WORD FOUND:  ~~~~

 
I've used words of length up to 4 characters (4 characters take up to 6 minutes to crack on my laptop), but if you have patience, feel free to break ANY length word.
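Why the exhaustive search described above succeeds against unsalted MD5, and what a password store should do instead, as an added Python example (not the blog's decryptMD5.cpp or the zedwood code). The 95-character printable-ASCII alphabet, the function names and the PBKDF2 iteration count are assumptions of this example.

```python
import hashlib
import hmac
import itertools
import os
import string

# Assumed alphabet: the 95 printable ASCII characters (letters, digits, punctuation, space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

def keyspace(max_len, alphabet_size=len(ALPHABET)):
    """Number of candidates an exhaustive search covers for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def exhaustive_md5(target_hex, max_len, alphabet=ALPHABET):
    """Hash every string of length 1..max_len; return (match or None, hashes computed)."""
    attempts = 0
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            attempts += 1
            word = "".join(chars)
            if hashlib.md5(word.encode()).hexdigest() == target_hex.lower():
                return word, attempts
    return None, attempts

def store_password(password, iterations=600_000):
    """Mitigation: random per-user salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify_password(password, salt, iterations, derived):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)

if __name__ == "__main__":
    sample = hashlib.md5(b"ab").hexdigest()  # constructed sample digest
    print(exhaustive_md5(sample, 2))          # short inputs fall almost instantly
    for n in (4, 8, 12):
        print(n, keyspace(n))                 # growth of the unsalted search space
    record = store_password("ab")
    print(verify_password("ab", *record), verify_password("ac", *record))
```

Because a bare MD5 digest has no salt, the same word always yields the same digest and each guess costs a single hash; the salted, iterated form makes every guess cost `iterations` HMAC computations and makes precomputed word lists useless across users.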

 

 

Published by fxsf at 20:39
