Cracking MySQL's MD5 Function in Seconds

Original, 2005-05-07 12:49:00
As per the documentation on MySQL, I moved the storage of passwords from using Password() to using MD5(). I read a number of places that stated that this was a method that couldn't be reversed and it was far more secure than the previous method. I was feeling confident that life was about to get a little more secure. While going through my daily RSS feeds and mailing lists for SpikeSource, I happened upon a thread about someone discussing how easy it was to break MD5 hashes. It was a simple matter of using a brute force algorithm to check all the different combinations.

Eager to try this out for myself, I did a quick Google and found Project RainbowCrack, which was a Windows/Linux utility that would brute force crack MD5 hashes amongst other secure algorithms. Thinking it would be shrouded in mathematical terms and phrases unfamiliar to me, I didn't hold out much hope that I could get it to do what I wanted: to take a sample of passwords that were stored in MySQL database tables using the MD5() function and crack them for me.

The project builds a number of lookup tables to make the whole process a lot quicker. This in all fairness only took about 18 hours to complete on my dual processor 3 GHz machine. After the tables were built, it was a simple matter of running a simple command line utility to crack the MD5 hash. Time taken? 1.26 seconds! That's how secure MySQL passwords encoded with MD5() are at this precise moment.

Some sample output from RainbowCrack:

e:/rainbowcrack-1.2-win>rcrack *.rt -h 7694f4a66316e53c8cdd9d9954bd611d
md5_loweralpha#1-7_0_2100x8000000_all.rt:
128000000 bytes read, disk access time: 6.23 s
verifying the file...
searching for 1 hash...
plaintext of 7694f4a66316e53c8cdd9d9954bd611d is qlkjalkj
cryptanalysis time: 1.52 s
statistics
-------------------------------------------------------
plaintext found:          1 of 1 (100.00%)
total disk access time:   6.23 s
total cryptanalysis time: 1.52 s
total chain walk step:    403651
total false alarm:        388
total chain walk step due to false alarm: 579374
result
-------------------------------------------------------
7694f4a66316e53c8cdd9d9954bd611d  qlkjalkj  hex:71

So really, the only reason to store passwords using MD5() would be to discourage the casual hacker, but it is by no means a secure method as some sites would have you believe. It is fair to note that the RainbowCrack documentation states that salted MD5 hashes can't be broken, but MySQL doesn't salt their implementation so it makes no difference here.
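The contrast between unsalted MD5() storage and salted storage, as an added example that is not part of the original post: it shows why one precomputed table serves every unsalted hash, and what a per-user salt changes. The candidate list is constructed, the function names are hypothetical, and PBKDF2-HMAC-SHA256 is this example's choice of slow salted hash, not something the post or RainbowCrack prescribes.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for the keyspace of a precomputed table.
CANDIDATES = ["hello", "letmein", "qwerty", "sunshine"]

def unsalted_md5(password):
    """Same value MySQL's MD5() yields: hex digest of the raw password, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(candidates):
    """Precompute once; the result is reusable against every unsalted hash."""
    return {unsalted_md5(c): c for c in candidates}

def store_password(password, iterations=200_000):
    """Hardened form (assumption: PBKDF2): random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def demo():
    table = build_lookup(CANDIDATES)
    # Two accounts that happen to share the same password.
    md5_a, md5_b = unsalted_md5("hello"), unsalted_md5("hello")
    rec_a, rec_b = store_password("hello"), store_password("hello")
    return {
        "unsalted_identical": md5_a == md5_b,        # same password, same hash
        "unsalted_in_table": table.get(md5_a),       # one lookup recovers it
        "salted_identical": rec_a["digest"] == rec_b["digest"],
        "salted_in_table": rec_a["digest"].hex() in table,
        "verifies": verify_password("hello", rec_a),
        "rejects_wrong": verify_password("hellO", rec_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a salt, a table has to be rebuilt per salt value, and the iteration count makes each guess expensive, so the 18 hours of precomputation described above no longer amortizes across accounts.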
