Follow us on Twitter!
Ideas are far more powerful than guns.
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 20
Members Online: 1

Registered Members: 82815
Newest Member: medjiking
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Difference between DES and MD5.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 10-04-08 14:06
I noticed that while there are many websites offer online cracking facilities for both LM and MD5 passwords, why is it there are none for DES?

And even though MD5 can be secured by adding a salt to the password before hashing them, most sites don't. Doesn't this makes MD5 a mostly insecure encryption format?

I've done a google search on this topic, and it seems that some people favor DES over MD5 for their encryption, other than Blowfish, SHA and several other formats.

So, i want to ask this question: Why is it that the fact that MD5 and DES are both insecure, lots of sites and applications still use them for their cryptography needs?

And is it true that the best way to crack a DES password is by brute forcing it compared to cracking it using a wordlist?



img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 10-04-08 14:07
catinthecpu@hotmail.com
Author

RE: Difference between DES and MD5.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-04-08 14:38
md5 is not an encryption its a hashing algorithm, that means once used u cant decrypt the data. That makes it useless if its not for password protection.

DES is an encryption and became a standard long time ago, and today its useless! first of all because of the insufficient key length (and the NSA worked on it Pfft), but answering your question will be hard ^^.

why do people use old things instead of new once ? why is FAT32 still so widely used ? why do some admin's use textfiles instead of databases ?

could be that no one knows better...


Author

RE: Difference between DES and MD5.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 10-04-08 14:57
sacman wrote:
md5 is not an encryption its a hashing algorithm, that means once used u cant decrypt the data. That makes it useless if its not for password protection.

DES is an encryption and became a standard long time ago, and today its useless! first of all because of the insufficient key length (and the NSA worked on it Pfft), but answering your question will be hard ^^.

why do people use old things instead of new once ? why is FAT32 still so widely used ? why do some admin's use textfiles instead of databases ?

could be that no one knows better...


woops. yeah, i must have misread the article on MD5, it is a hashing algorithm.

and people may still use old things out of familiarity, i guess.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: Difference between DES and MD5.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-04-08 19:02
fuser wrote:
So, i want to ask this question: Why is it that the fact that MD5 and DES are both insecure...


It is the string that is insecure not the hashing algorithm. As you know, there is no patch to human stupidity. Well, if you are going to be storing hashes, you need to add prerequisites for a strong string password to be hashed. Prerequisites such as the length of the string password and what type of characters that are used. If you wanted to, you could right a little script to check for some dictionary words and common passes. Also add salt to the hash. It all comes down to forcing the user to do shit correctly.