The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Decrypting Member passwords...
Is it possible? And if so, how?
|
#2
|
||||
|
||||
No.
If you're using a version of vB where passwords are stored encrypted (hashed, with md5() http://www.faqs.org/rfcs/rfc1321.html), which I assume you are, then no... because the hashing system isn't meant to be reversable. You can try to brute force passwords.... but DAMN, you gotta have a fast computer. I actually started writing one in C the other week, just for fun.... but upon benchmarking it, and finding that to go through all possible combinations, my 500Mhz AMD would take a few thousand years... I thought.... FORGET IT!!! |
#3
|
||||
|
||||
Hey I need a good brute force password program
|
#4
|
||||
|
||||
i got a 2ghz processor... would that be fast enuff?
|
#5
|
||||
|
||||
no you need atleast a 5TB to run it correctly.
|
#6
|
||||
|
||||
Innit.... serious (government type) computer power is needed for really effective brute force.
I first had a small PHP script, which used merged dictionary files and common password files (was over 27Mb in the end) - the script read through each line of the file one by one, encrypted (hashed) the line (word) to the md5 standard and then checked the result against the encrypted (hashed) password I wanted to "crack". Not effective enough.... most peeps these days DO know how to pick secure passwords. A 27Mb dictionary file, didn't crack any of the 3 passwords I tried. That's why I went onto C, hoping to harness it's speed, so I could make a "string ticker", rather like clocking from '000000' right through to 'zzzzzzzzzzzzzzzzzzzz' (or, z * 20). I decided to base the main rule on most people having a password between 6 and 20 characters long, all lowercase, containing only alphanumeric characters. Ticking through the possible combinations, I benchmarked a couple of days (this is from my memory... I can't remember real accurate scores)... but upon adding the MD5 algol., that is, generating the string value, hashing it to an MD5 string, then comparing it against the password to crack... then moving on if no match found..... man... that's when the scores went through the roof like crazy... NOT A CHANCE ON THE HOME COMPUTER!! I thought then, that I could cut out some "noise", by generating the string, then checking for, say, 3+ duplicate characters in a row, if "true", generate again until "false", then hash, then compare. ... a few more "noise" cutting features, then "threading" the routine (high priority thread) to gain as much of the computer power as possible whilst running.... and then seeing how that affected the scores. But man... doesn't it just sound like too much trouble!!! :speechless: :cross-eyed: :nervous: Yep, i'm not one of them geeks that could just work work work in a coding env.... too much work on at the moment already.... and a girlfriend. :cheeky: Basically, don't bother hassling trying to crack passwords, unless you got a couple of £million to spend on a hefty computer, or set of computers. Or, if you can round up a whole community, like this one, to each exectute a section of combinations each...... doubt that very much though. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|