June 20th, 2012, 01:20 PM
Just found my md5 on internet - am I in danger ?
I just found my user name (not the one used here, but something very similar)
in some Internet data base, containing several known hash values (md5, sha, etc).
My first question is, what is a purpose of such a data bases ?
And the second, am I in some danger because of this ?
Thanks in advance for explanations.
June 20th, 2012, 06:40 PM
Do the hash values match any of your passwords?
June 21st, 2012, 12:56 PM
I will check this and answer here in a few days.
Originally Posted by E-Oreo
Thank you for suggestion.
June 24th, 2012, 04:13 AM
Using md5 program (google for "md5 c source")
I computed md5 hashes for some of my passwords.
Then, I tried Google search, with no hit, fortunately.
(But md5 of my user name was found by Google).
So, finally, I don't believe that my accounts were hacked,
but finding md5 of user name in Internet is still worrisome,
because, now, user name can be resolved via Google search.
Or, maybe, I'm missing something ?...
Thanks for any suggestions.
June 24th, 2012, 08:10 AM
You can look up the md5 hash of practically every short string possible using Google. Unless you found your username and password together, or your username specifically associated with a password hash, there's no indication of any issues.
The purpose of these databases is to reverse md5 password hashes. This is one reason why md5, specifically unsalted md5, has been worthless for password hashing for many years.
June 24th, 2012, 08:17 AM
In the opposite. This was only my "case".
Originally Posted by memoonamike
Try to find your user name and password MD5's or SHA on net ...
After some thinking, I believe, that we can fight those hash reversing databases.
The procedure is simple.
Just create several "fake" pairs with a word and its hash.
Publish them over Internet, so the "robots" will "eat" them.
Say, systematically post "leszek1234" and md5, "leszek1235" and md5.
After petabytes of "feeding", those db's become useless.