Page 2 of 2

Posted: Sat Sep 30, 2006 5:10 am
by TS_Death_Angel
volka wrote:copying code does not improve skills ;)
It will look entirely different when it's done.

Posted: Sat Sep 30, 2006 7:18 am
by Mordred
Here's to all brave knights that attack windmills :)

TS_Death_Angel: If you go and read some theory on the matter at hand, you'll find more efficient methods and more interesting coding challenges. Blind bruteforcing will just get you nowhere. Okay, there are good things to do with dictionaries, but still there are better solutions for the general problem. Look up rainbow tables.

Posted: Sat Sep 30, 2006 3:12 pm
by William
I have always wondered, what would stop someone from doing this:

while($i != 'a') {

$hash[] = md5($i);
$i++;

}

I just put it in an array because I didn't know what else to type up, but if md5 is limited to a 32 bit string, then what would stop someone from just counting up from 0, I'm sure a collision will happen some time... - My thoughts.

Posted: Sat Sep 30, 2006 3:24 pm
by bokehman
William wrote:I have always wondered, what would stop someone from doing this.
Well that is the basis of a brute force attack but all you are doing is creating an array. You are not testing anything.and you are only producing numbers.

To be honest brute force is rubbish. There are 16^32 (3.4 followed by 38 zeros) combos and it's only possible to check about 100,000 per second. In an average human lifecycle it would be possible to try about 1.7 followed by 14 zeros combos which is just a very small proportion of the total.

Posted: Sat Sep 30, 2006 3:37 pm
by Sema
Currently there are lot of MD5 hash lookup services on the net, and some of them have big databases with MD5 hashes and the data used to generate the MD5 hash.

Posted: Sun Oct 01, 2006 12:17 am
by William
bokehman wrote:
William wrote:I have always wondered, what would stop someone from doing this.
Well that is the basis of a brute force attack but all you are doing is creating an array. You are not testing anything.and you are only producing numbers.

To be honest brute force is rubbish. There are 16^32 (3.4 followed by 38 zeros) combos and it's only possible to check about 100,000 per second. In an average human lifecycle it would be possible to try about 1.7 followed by 14 zeros combos which is just a very small proportion of the total.
As I posted above, the array was just to give a basic idea of storing the data. I really didn't feel like making a basic storage structure and a search just to ask a simple question, the array was just something to store the values, or I would have been asked why I was just going through a loop. Also, isn't there computers out there that can do more then 100,000 a second?

Posted: Sun Oct 01, 2006 3:50 am
by bokehman
William wrote:Also, isn't there computers out there that can do more then 100,000 a second?
Probably but not your average PC (which has more power than most servers. Using PHP is not a good choice either for this sort of thing. The other thing is a computer trying to brute force something is completely locked up and can't be used for any other task.

Posted: Sun Oct 01, 2006 5:33 am
by aaronhall
bokehman wrote:To be honest brute force is rubbish. There are 16^32 (3.4 followed by 38 zeros) combos and it's only possible to check about 100,000 per second.
But wouldn't it be awesome to fill up a 1.09x10^70 byte hard drive?