We know the MD5 was vulnerable.
All the more reason to move away from it.
Or better yet, be able to choose our own hash.
SW
On 7/6/2012 2:38 PM, Gary Mort wrote:
Think your Joomla! password is secure? Here is a simple test [assuming
it is under 15 characters long]
Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for
your operating system.
To check just YOUR password, run the GUI, use either plus or lite,
and enter your password hash[from the database] in the field. Select
the Joomla hash type - and then go ahead and run the cracker. See
how long it takes to figure out your password.
If you're using a dictionary method, you'll need one or more wordlists,
you can get some dictionaries from
http://www.skullsecurity.org/wiki/index.php/Passwords
If you have a website with lots of users that you want to check,
instead you can run
select `password` from #__users [replace #__ with your prefix. :-)] -
and export the list to a text file to give to oclhashplus
Most password crackers around are limited to passwords of less than 16
chars [because beyond that, the algorithms change for efficient
lookups] - so while making your own passwords greater than 16 chars
doesn't mean instant security, it does mean that it is beyond the
scope of script kiddies who just download crackers from the internet
and don't know how to write their own.
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
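An added example, not part of the thread or of Joomla's code: one way to act on "move away from it" is to classify each stored value by scheme and, when a legacy value verifies at login, return a replacement under a slower hash. It assumes the legacy layout is md5(password + salt) in hex, a colon, then the salt; the `pbkdf2_sha256$...` record format, the iteration count and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import re

# Assumed legacy Joomla layout: md5(password + salt) as 32 hex chars, ":", salt.
LEGACY_RE = re.compile(r"^([0-9a-f]{32}):(.+)$")
ITERATIONS = 600_000  # assumed PBKDF2 work factor, tune for your hardware

def legacy_hash(password, salt):
    """Build a legacy-format value (also used to construct the sample data)."""
    return hashlib.md5((password + salt).encode()).hexdigest() + ":" + salt

def classify(stored):
    """Name the storage scheme of one value from the password column."""
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if stored.startswith("pbkdf2_sha256$"):
        return "pbkdf2"
    if LEGACY_RE.match(stored):
        return "legacy-md5-salted"
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "legacy-md5-unsalted"
    return "unknown"

def make_pbkdf2(password, salt=None, iterations=ITERATIONS):
    """Hash with PBKDF2-HMAC-SHA256; the record format is this example's own."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify(password, stored):
    """Return (ok, replacement); replacement is set when a legacy hash verified."""
    kind = classify(stored)
    if kind == "legacy-md5-salted":
        salt = LEGACY_RE.match(stored).group(2)
        candidate = legacy_hash(password, salt).encode()
        ok = hmac.compare_digest(candidate, stored.encode())
        return ok, (make_pbkdf2(password) if ok else None)
    if kind == "pbkdf2":
        _, iters, salt_hex, _ = stored.split("$")
        again = make_pbkdf2(password, bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(again, stored), None
    return False, None  # bcrypt and unknown values are left to the platform

if __name__ == "__main__":
    sample = legacy_hash("correct horse battery", "Zk3sQ9pLm2")  # constructed
    print(classify(sample), verify("correct horse battery", sample))
```

When `verify` returns a replacement, the caller writes it back to the user's row, so legacy values disappear as accounts log in.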