decrypted pwd

"Don V. Soledad" <don.soledad@uratex.com.ph> writes:

is there a way to retrieve a user's decrypted password,

If you find a way to break MD5, a lot of people will be very very
interested.

regards, tom lane

On Sat, 6 Sep 2003, Don V. Soledad wrote:

good day!

is there a way to retrieve a user's decrypted password, just like when i
issued a "SELECT * FROM pg_shadow;" in the earlier version of postgresql?

Sure, here's the simple method:

1: Generate a list of all possible passwords.
2: Generate an md5 sig for each one.
3: Compare your infinite number of md5 sigs to the one stored for the
user. When they match, you've got the original password, or at least a
password that will work just like the original.

I think the total computer time required to do this is something on the
order of a few thousand years, so it might take a rather large farm of
machines in a cluster to do this.

On Mon, Sep 08, 2003 at 08:53:26 -0600,
"scott.marlowe" <scott.marlowe@ihs.com> wrote:

3: Compare your infinite number of md5 sigs to the one stored for the
user. When they match, you've got the original password, or at least a
password that will work just like the original.

It is probably worth trying to spend some time trying to find a finite
set of passwords that are guarenteed to be generators for all possible
MD5 hashes (or at least those than can possibly occur), so that you can
finish the computation in finite time.

On Mon, 8 Sep 2003, Bruno Wolff III wrote:

On Mon, Sep 08, 2003 at 08:53:26 -0600,
"scott.marlowe" <scott.marlowe@ihs.com> wrote:

3: Compare your infinite number of md5 sigs to the one stored for the
user. When they match, you've got the original password, or at least a
password that will work just like the original.

It is probably worth trying to spend some time trying to find a finite
set of passwords that are guarenteed to be generators for all possible
MD5 hashes (or at least those than can possibly occur), so that you can
finish the computation in finite time.

If I rememberate correctificantly, it would take more storage than all the
atoms in the universe to store all the possible md5 sigs. Or somthing
similarly large. But if it's an excuse to buy a massive storage array,
I'm all for it. :-)

"scott.marlowe" <scott.marlowe@ihs.com> writes:

On Mon, 8 Sep 2003, Bruno Wolff III wrote:

It is probably worth trying to spend some time trying to find a finite
set of passwords that are guarenteed to be generators for all possible
MD5 hashes (or at least those than can possibly occur), so that you can
finish the computation in finite time.

If I rememberate correctificantly, it would take more storage than all the
atoms in the universe to store all the possible md5 sigs. Or somthing
similarly large. But if it's an excuse to buy a massive storage array,
I'm all for it. :-)

I think Bruno was making a funny... :)

-Doug

On Mon, 2003-09-08 at 11:32, Doug McNaught wrote:

"scott.marlowe" <scott.marlowe@ihs.com> writes:

On Mon, 8 Sep 2003, Bruno Wolff III wrote:

It is probably worth trying to spend some time trying to find a finite
set of passwords that are guarenteed to be generators for all possible
MD5 hashes (or at least those than can possibly occur), so that you can
finish the computation in finite time.

If I rememberate correctificantly, it would take more storage than all the
atoms in the universe to store all the possible md5 sigs. Or somthing
similarly large. But if it's an excuse to buy a massive storage array,
I'm all for it. :-)

I think Bruno was making a funny... :)

But any true geek will look for *any* excuse to buy more hardware.

Also, if I remember properly, the estimates are that there are 10^70
atoms in the known Universe. That equates to ~2^233.

--
-----------------------------------------------------------------
Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA

"Knowledge should be free for all."
Harcourt Fenton Mudd, Star Trek:TOS, "I, Mudd"

On Mon, 8 Sep 2003, Ron Johnson wrote:

On Mon, 2003-09-08 at 11:32, Doug McNaught wrote:

"scott.marlowe" <scott.marlowe@ihs.com> writes:

On Mon, 8 Sep 2003, Bruno Wolff III wrote:

It is probably worth trying to spend some time trying to find a finite
set of passwords that are guarenteed to be generators for all possible
MD5 hashes (or at least those than can possibly occur), so that you can
finish the computation in finite time.

If I rememberate correctificantly, it would take more storage than all the
atoms in the universe to store all the possible md5 sigs. Or somthing
similarly large. But if it's an excuse to buy a massive storage array,
I'm all for it. :-)

I think Bruno was making a funny... :)

But any true geek will look for *any* excuse to buy more hardware.

Also, if I remember properly, the estimates are that there are 10^70
atoms in the known Universe. That equates to ~2^233.

Yeah, it may have just been atoms on planet earth or the solar system or
something. Last estimate of atoms in the known universe was 2^150 or so.
Of course, the universe is expanding :-)

On Mon, 2003-09-08 at 14:30, scott.marlowe wrote:

On Mon, 8 Sep 2003, Ron Johnson wrote:

On Mon, 2003-09-08 at 11:32, Doug McNaught wrote:

"scott.marlowe" <scott.marlowe@ihs.com> writes:

On Mon, 8 Sep 2003, Bruno Wolff III wrote:

[snip]

Also, if I remember properly, the estimates are that there are 10^70
atoms in the known Universe. That equates to ~2^233.

Yeah, it may have just been atoms on planet earth or the solar system or
something. Last estimate of atoms in the known universe was 2^150 or so.
Of course, the universe is expanding :-)

But not the number of atoms. And not the atoms, either!!!

How off topic is this?

--
-----------------------------------------------------------------
Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA

The difference between Rock&Roll and Country Music?
Old Rockers still on tour are pathetic, but old Country singers
are still great.

providing one knows the original contents of the blocks in the md5 call.

Bruno Wolff III wrote:

Ron Johnson wrote:

On Mon, 2003-09-08 at 14:30, scott.marlowe wrote:

On Mon, 8 Sep 2003, Ron Johnson wrote:

On Mon, 2003-09-08 at 11:32, Doug McNaught wrote:

"scott.marlowe" <scott.marlowe@ihs.com> writes:

On Mon, 8 Sep 2003, Bruno Wolff III wrote:

[snip]

Also, if I remember properly, the estimates are that there are 10^70
atoms in the known Universe. That equates to ~2^233.

Yeah, it may have just been atoms on planet earth or the solar system or
something. Last estimate of atoms in the known universe was 2^150 or so.
Of course, the universe is expanding :-)

But not the number of atoms. And not the atoms, either!!!

Actually the number of atoms is decreasing, making it more and more
likely that the Hubble constant is lower than 1, which finally means
that it'll expand forever and become a dark and empty, nearly atomless
awfull lot of wasted space.

Fortunately we don't have to witness the end of the known Universe and
it will end since it only expands forever, not a single second longer.

Probably we have to witness the end of the known Internet soon. See

http://www.1112.net/lastpage.html

If nobody finds a way to extend the Internet past that page, oh my ...

How off topic is this?

Off topic enough!

Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck@Yahoo.com #