Cracking MySQL's MD5 Function in Seconds

Original post, 2005-05-07 12:49:00
As per the documentation on MySQL, I moved the storage of passwords from using Password() to using MD5(). I read a number of places that stated that this was a method that couldn't be reversed and it was far more secure than the previous method. I was feeling confident that life was about to get a little more secure. While going through my daily RSS feeds and mailing lists for SpikeSource, I happened upon a thread about someone discussing how easy it was to break MD5 hashes. It was a simple matter of using a brute force algorithm to check all the different combinations.

Eager to try this out for myself, I did a quick Google and found Project RainbowCrack, which was a Windows/Linux utility that would brute force crack MD5 hashes amongst other secure algorithms. Thinking it would be shrouded in mathematical terms and phrases unfamiliar to me, I didn't hold out much hope that I could get it to do what I wanted: to take a sample of passwords that were stored in MySQL database tables using the MD5() function and crack them for me.

The project builds a number of lookup tables to make the whole process a lot quicker. This in all fairness only took about 18 hours to complete on my dual processor 3 GHz machine. After the tables were built it was a simple matter of running a simple command line utility to crack the MD5 hash. Time taken? 1.26 seconds! That's how secure MySQL passwords encoded with MD5() are at this precise moment.

Some sample output from RainbowCrack

e:/rainbowcrack-1.2-win>rcrack *.rt -h 7694f4a66316e53c8cdd9d9954bd611d
md5_loweralpha#1-7_0_2100x8000000_all.rt:
128000000 bytes read, disk access time: 6.23 s
verifying the file...
searching for 1 hash...
plaintext of 7694f4a66316e53c8cdd9d9954bd611d is qlkjalkj
cryptanalysis time: 1.52 s
statistics
-------------------------------------------------------
plaintext found:          1 of 1 (100.00%)
total disk access time:   6.23 s
total cryptanalysis time: 1.52 s
total chain walk step:    403651
total false alarm:        388
total chain walk step due to false alarm: 579374
result
-------------------------------------------------------
7694f4a66316e53c8cdd9d9954bd611d  qlkjalkj  hex:71

So really, the only reason to store passwords using MD5() would be to discourage the casual hacker, but it is by no means a secure method as some sites would have you believe. It is fair to note that the RainbowCrack documentation states that salted MD5 hashes can't be broken, but MySQL doesn't salt their implementation so it makes no difference here.
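
An added example (not code from the original post, from RainbowCrack or from MySQL) contrasting the unsalted digest that MD5() produces with a per-user salted, iterated hash, which is what makes one precomputed table useless across accounts. The function names, the `iterations$salt$digest` storage format, the iteration count and the sample users are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample accounts: two users who happen to choose the same password.
SAMPLE_USERS = {"alice": "qlkjalkj", "bob": "qlkjalkj"}
# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """Bare MD5 hex digest, the same value MySQL's MD5(str) returns."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash stored as 'iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        iterations, salt_hex, digest_hex = stored.split("$")
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations),
        )
    except ValueError:
        return False  # legacy or malformed record, e.g. a bare MD5 digest
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    for user, pw in SAMPLE_USERS.items():
        print(user, "md5   :", unsalted_md5(pw))   # identical for both users
        print(user, "pbkdf2:", hash_password(pw))  # differs for every account
```

Records that `verify_password` rejects as malformed are the ones still holding a bare MD5 digest and need to be re-hashed at the user's next successful login or reset.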
