Tag Archives: hash

Ravan, password cracking using Javascript!

Ravan is a new password cracking tool based on Javascript.

Wait, what ? Javascript ? Yes, as the author explains, modern Javascript engines are not so slow anymore, and in addition HTML 5 brings a new “feature” with webworkers which allow the browser to run Javascript in the background (e.g without waiting on the page executing the script).

Combine it with several computers connecting to the same page executing a password cracking script and you get easily quite a powerful distributed password cracker.

Visit this page for more details.

SHA-1 vulnerable : consider SHA-2

Not long after md5, the computation progress has made another victim.

Last week, it was made public that the SHA-1 hash function should be now considered vulnerable. The discovery bring up that the computation to create a collision hash has been dramaticaly reduced. As a consequence, the SHA-1 function can’t warranty anymore the uniquity – and so the integrity – of the hashed object.

There are a few ressources :

This is the natural evolution of cryptography. Stronger cryptography is required against stronger CPU power. In this race, it is now suggested to migrate to SHA-2 whose digest lenghts range from 224 to 512 bits (instead of 160 bits for SHA-1). And until next time, where we will be urged to migrate to SHA-3 ;)

Debian, whose infrastructure was based on SHA-1 (package management, development) is quickly migrating all its keys right now. The procedure the Debian people should follow implies a transition period, where the new key will be signed with the former key, until the latter is revoked. Thus until all peers are updated too, to avoid breaking all the signing infrastruture.

Myself, I ugraded my keys from DSA/1024 bits to RSA/4096 bits (with SHA-2 hashing), so it should be ok for a while. You will find my new key here or linked from the contact page.

md5 hash googling – and WordPress password weakness

Some Md5 password implementation – without a salt, become more insecure than ever. There is an issue right now with WordPress, I hope they will fix it soon !

Check this interesting article.

No need to take out your rainbow tables anymore, just google your hash ! I hope your password is strong enough…

You could also use one of these :