Quote:
Originally Posted by NewUser2.0
The purpose of this would be?
And for those "worried" don't let the above guy scare you, your passwords are md5 encrypted, which **** near impossible to decrypt. Shame the oh so great hacker didn't know that.
reported.
md5 encrypted? near impossible to decrypt?
I'll let you in on a secret. You can crack your forum users' passwords.
Don't let the above guy fool you, your password can be cracked. That, and he doesn't even know what he's talking about. If it was encrypted in plain MD5, you can use rainbow tables, which are around 400 gigabytes of passwords now.
However, vBulletin stores passwords in this format:
md5(md5($pass).$salt)
That means yes, it is technically hashed as an MD5 but it also double hashes it and a salt is randomly generated on each new password so even if two users had the same password of "test", they would both have different hashes and salts.
Sound uncrackable? Hardly. A single 3.2 GHz CORE (one core) can brute force at around 2.7m passwords a second. Put that on an i7 and that's roughly 10m/sec.
Ever heard of GPGPU? It uses your video card to do it instead. Video cards are immensely more powerful than CPUs. The vBulletin hashing type can be cracked at around 250 MILLION per second.
Edit:
Oh, forgot to mention. Since most users don't bash their head on the keyboard to make a pass and rather use words, a dictionary attack can go at about 2m/sec per core. If you use mutations, the efficiency of a dictionary attack will be above 95%.
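
Added example, not part of the original post and not vBulletin's own code: a Python sketch of the md5(md5($pass).$salt) format quoted above, showing that per-user salts make identical passwords hash differently while each guess stays very cheap compared with a deliberately slow KDF. The salts, the function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample salts; the post only says a random salt is generated per password.
SALT_A, SALT_B = "q7Z", "m2K"

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def vb_hash(password: str, salt: str) -> str:
    """md5(md5($pass).$salt): the inner digest is used as lowercase hex text."""
    return md5_hex((md5_hex(password.encode()) + salt).encode())

def kdf_hash(password: str, salt: str, iterations: int = 200_000) -> str:
    """Assumed replacement, not vBulletin's scheme: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()

def verify(password: str, salt: str, stored: str, scheme=vb_hash) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(scheme(password, salt), stored)

def hashes_per_second(scheme, rounds: int) -> float:
    """Time `rounds` evaluations of a scheme on one CPU core."""
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"candidate{i}", SALT_A)
    return rounds / (time.perf_counter() - start)

def cost_ratio() -> float:
    """How many times cheaper one vb_hash is than one kdf_hash on this machine."""
    return hashes_per_second(vb_hash, 50_000) / hashes_per_second(kdf_hash, 5)

if __name__ == "__main__":
    print("same password, salt A:", vb_hash("test", SALT_A))
    print("same password, salt B:", vb_hash("test", SALT_B))
    print("verify:", verify("test", SALT_A, vb_hash("test", SALT_A)))
    print(f"vb_hash is ~{cost_ratio():,.0f}x cheaper per guess than the KDF")
```

Interpreted Python is far slower than the native and GPU rates given in the post, so only the ratio between the two schemes is meaningful here, not the absolute figures.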