MD5 Cracker (How safe is your password?)
I wrote this script out of curiosity after having read a question posted on a web forum as to how secure passwords are once they have been encrypted as an MD5 hash. Looked at briefly an MD5 hash is a 32 character hexadecimal string giving an absolutely incomprehensible number of combinations.
To set about cracking the MD5 hash I decided to start with brute force alone and see how I got on. Brute force is where one tests every single possible combination with the hope of finding a match. The ASCII character set contains 128 characters, the first 32 of which are non-printing characters, leaving 98 which can be entered into web based forms. This give some 8.5 million billion combinations for a typical 8 character password (98^8).
I wrote a script and benchmarked it and found it to be checking some 43 thousand combinations per second which equates to about 6500 years for a full pull against an 8 character password (a bit too long for my liking). The script was a success though and had no problem cracking a 3 character password in less than 20 seconds.
And so on to the Mark II version (this script). This one carries out what is known as a dictionary attack. It checks for the password against a known list which in this instance is made up of some 120 thousand English words, 10 thousand given names and all the numbers between 0 and 99999. Anyway you can use the preceeding form to enter a hash for this script to attempt to decode. If you do not have a hash generator use the "MD5 Hash it" button to encode the word before trying to crack it.
You may have heard that the SHA1 algorithm is stronger but no, in this situation it is the strength of the password and not the strength of the algorithm that is being tested so an identical script set up to check against SHA1 encryption would perform in a similar fashion.
Finally, don't take this script too seriously; it's just a bit of fun and hopeful it might be a wake up call for those whose passwords aren't too strong.