#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    0

    Just found my md5 on internet - am I in danger ?


    Hi

    I just found my user name (not the one used here, but something very similar)
    in some Internet data base, containing several known hash values (md5, sha, etc).

    My first question is, what is a purpose of such a data bases ?

    And the second, am I in some danger because of this ?

    Thanks in advance for explanations.
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7170
    Do the hash values match any of your passwords?
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    0
    Originally Posted by E-Oreo
    Do the hash values match any of your passwords?
    I will check this and answer here in a few days.

    Thank you for suggestion.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    0
    Using md5 program (google for "md5 c source")
    I computed md5 hashes for some of my passwords.

    Then, I tried Google search, with no hit, fortunately.
    (But md5 of my user name was found by Google).

    So, finally, I don't believe that my accounts were hacked,
    but finding md5 of user name in Internet is still worrisome,
    because, now, user name can be resolved via Google search.

    Or, maybe, I'm missing something ?...

    Thanks for any suggestions.
  8. #5
  9. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7170
    You can look up the md5 hash of practically every short string possible using Google. Unless you found your username and password together, or your username specifically associated with a password hash, there's no indication of any issues.

    The purpose of these databases is to reverse md5 password hashes. This is one reason why md5, specifically unsalted md5, has been worthless for password hashing for many years.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    0
    Thank you.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    0
    Originally Posted by memoonamike
    So the conclusion is that there is no need to worry about this issue.
    In the opposite. This was only my "case".
    Try to find your user name and password MD5's or SHA on net ...

    After some thinking, I believe, that we can fight those hash reversing databases.
    The procedure is simple.
    Just create several "fake" pairs with a word and its hash.
    Publish them over Internet, so the "robots" will "eat" them.

    Say, systematically post "leszek1234" and md5, "leszek1235" and md5.

    After petabytes of "feeding", those db's become useless.

IMN logo majestic logo threadwatch logo seochat tools logo