7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat
Worse still, service recommended “short, but difficult to guess passwords.” Continue reading 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat
Category Archives: MD5
Another Day, Another Hack: 7 Million Accounts for Minecraft Community ‘Lifeboat’
Security researcher Troy Hunt obtained data containing email addresses and passwords hashed with the weak MD5 algorithm. Continue reading Another Day, Another Hack: 7 Million Accounts for Minecraft Community ‘Lifeboat’
Migrating password db off MD5 by chaining MD5 and Bcrypt?
I have a legacy system currently storing unsalted MD5 passwords. Unfortunately, some other controls are not in place (like the ability to expire passwords) and I’m trying to upgrade my algorithm to something newer and avoid prompting the … Continue reading Migrating password db off MD5 by chaining MD5 and Bcrypt?
Are there any known MD5 hash collisions of messages of different length?
All the examples of MD5 hash collisions I’ve come across comprise two different messages (inputs) of the same length. The first and second messages have different values for a number of bits and the resulting MD5’s are equal.
Does the theo… Continue reading Are there any known MD5 hash collisions of messages of different length?
Md5 vs Md4 recognition
Is there a way to actually find out whether a hash is MD5 or MD4?
For instance:
10c7ccc7a4f0aff03c915c485565b9da is an MD5 hash
be08c2de91787c51e7aee5dd16ca4f76 is an MD4 hash
I know that there is a difference “security… Continue reading Md5 vs Md4 recognition
Is it possible to find out the salt of a MD5 hash?
I want to know whether it is possible to find out the salt of a MD5 hash?
For instance we’ve got two MD5 hashes
helloworld -> fc5e038d38a57032085441e7fe7010b0
goodbyeworld -> b34266c1c9eda200a0ebb833281bb855
Is it p… Continue reading Is it possible to find out the salt of a MD5 hash?
Autopsy Python Gold Build Module
Basis Technology released a nice tutorial on writing Python modules for Autopsy [1]. Figured, I would start with hash analysis using the built in Hash Lookup module for the National Software Reference Library (NSRL) and VirusShare.com than create a custom gold build hash set.
 |
| Hash Lookup |
The current Minimal Set of the NSRL 249 containing over 42 million known hashes was not posted for download as an Autopsy Hash Index yet. Building your own will involve downloading the reduced minimal hash set [2]. A quick little Python script removes the header and writes only the MD5 hash to a new file. Currently Autopsy has an issue generating the index for large hash sets requiring the NSRL to be split into two chunks. The Unix command ‘wc NSRL.txt’ can be used to determine the number of lines in the file so it can be split evenly with the ‘split -l 21030270 NSRL.txt’ command.
 |
| NSRL Python Code |
VirusShare.com provides hash lists that can be publically downloaded and used to identify over 20 million potentially bad files. The Unix command ‘cat VirusShare_00* | grep -v ‘#’ > VxShare.txt’ will create a single hash file that can be imported into Autopsy.
HashSets.com is another place to get additional known hashes that are not in the NSRL too. It is definitely preferred to generate a Gold Build hash set that is specific to your environment. The Autopsy Python Gold Build Module requires that the hash values have already been calculated prior to execution. Running the Gold Build Module will create a text file containing only unique hash values stored in the case folder called GoldBuild.txt [3].
 |
| Gold Build |
Now that the NSRL, VirusShare.com and the Gold Build output are all in the same format, they can be imported and used to generate hash indexes for comparisons in Autopsy [4]. Only indexes are required for hash analysis to complete. Additional hashes can not be added to an existing index only the hash library through the GUI interface.
Links
Autopsy Python Gold Build Module
Basis Technology released a nice tutorial on writing Python modules for Autopsy [1]. Figured, I would start with hash analysis using the built in Hash Lookup module for the National Software Reference Library (NSRL) and VirusShare.com than create a custom gold build hash set.
|
| Hash Lookup |
The current Minimal Set of the NSRL 249 containing over 42 million known hashes was not posted for download as an Autopsy Hash Index yet. Building your own will involve downloading the reduced minimal hash set [2]. A quick little Python script removes the header and writes only the MD5 hash to a new file. Currently Autopsy has an issue generating the index for large hash sets requiring the NSRL to be split into two chunks. The Unix command ‘wc NSRL.txt’ can be used to determine the number of lines in the file so it can be split evenly with the ‘split -l 21030270 NSRL.txt’ command.
|
| NSRL Python Code |
VirusShare.com provides hash lists that can be publically downloaded and used to identify over 20 million potentially bad files. The Unix command ‘cat VirusShare_00* | grep -v ‘#’ > VxShare.txt’ will create a single hash file that can be imported into Autopsy.
HashSets.com is another place to get additional known hashes that are not in the NSRL too. It is definitely preferred to generate a Gold Build hash set that is specific to your environment. The Autopsy Python Gold Build Module requires that the hash values have already been calculated prior to execution. Running the Gold Build Module will create a text file containing only unique hash values stored in the case folder called GoldBuild.txt [3].
|
| Gold Build |
Now that the NSRL, VirusShare.com and the Gold Build output are all in the same format, they can be imported and used to generate hash indexes for comparisons in Autopsy [4]. Only indexes are required for hash analysis to complete. Additional hashes can not be added to an existing index only the hash library through the GUI interface.
Links
Autopsy Python Gold Build Module
Basis Technology released a nice tutorial on writing Python modules for Autopsy [1]. Figured, I would start with hash analysis using the built in Hash Lookup module for the National Software Reference Library (NSRL) and VirusShare.com than create a custom gold build hash set.
|
| Hash Lookup |
The current Minimal Set of the NSRL 249 containing over 42 million known hashes was not posted for download as an Autopsy Hash Index yet. Building your own will involve downloading the reduced minimal hash set [2]. A quick little Python script removes the header and writes only the MD5 hash to a new file. Currently Autopsy has an issue generating the index for large hash sets requiring the NSRL to be split into two chunks. The Unix command ‘wc NSRL.txt’ can be used to determine the number of lines in the file so it can be split evenly with the ‘split -l 21030270 NSRL.txt’ command.
|
| NSRL Python Code |
VirusShare.com provides hash lists that can be publically downloaded and used to identify over 20 million potentially bad files. The Unix command ‘cat VirusShare_00* | grep -v ‘#’ > VxShare.txt’ will create a single hash file that can be imported into Autopsy.
HashSets.com is another place to get additional known hashes that are not in the NSRL too. It is definitely preferred to generate a Gold Build hash set that is specific to your environment. The Autopsy Python Gold Build Module requires that the hash values have already been calculated prior to execution. Running the Gold Build Module will create a text file containing only unique hash values stored in the case folder called GoldBuild.txt [3].
|
| Gold Build |
Now that the NSRL, VirusShare.com and the Gold Build output are all in the same format, they can be imported and used to generate hash indexes for comparisons in Autopsy [4]. Only indexes are required for hash analysis to complete. Additional hashes can not be added to an existing index only the hash library through the GUI interface.
Links
Why are MD5 and SHA-1 still used for checksums and certificates if they are called broken?
I was just reading about SSL/TLS stuff, and according to this site (which is rated as A by Qualys SSL Labs), MD5 is totally broken, and SHA-1 is cryptographically weak since 2005. And yet, I noticed that a lot of programmers … Continue reading Why are MD5 and SHA-1 still used for checksums and certificates if they are called broken?