Big Trapeze

… or “Using Google and Yahoo to Light-Force An (Almost) Infinite Dictionary”

I read an article recently about using Google to search for plaintext equivalents of MD5 hashes. Basically, you search for the hash (something like, “5f4dcc3b5aa765d61d8327deb882cf99″) and look through the results for the plaintext equivalent (in this case, “5f4dcc3b5aa765d61d8327deb882cf99″ is equal to “password”).

It got me thinking about when I wore the Grey Hat in the old days, and I would download dozens of wordlists to use for my brute-force attempts at cracking Windows NT passwords (for educational purposes only :). If you consider the *illions of pages in the internet, you can essentially utilize them as a massive wordlist, or “webtionary”, for cracking.

Using PHP, I whipped up a script that searches both Google and Yahoo for the MD5 hash, then takes the results, sorts them by frequency of word, and hashes each word to try to match to the original query.

There are sites that let you search their huge databases of MD5 hashes and their plaintext-equivalents, but that’s not the point here. The point is using search results and sifting through a few hundred words of search results–which is more efficient that searching a few million rows, though not as successful. But, I was surprised at how many times the script quickly deciphered a hash. Try it yourself, and send me any improvements that could be made to the code to make it even more efficient.

The MD5 Cracker in action…

Source Code

America is abuzz with political noise, and it’s got me thinking about the candidates in terms of programming languages. In no particular order…

Hillary Clinton is Javascript.

Before I offend anyone that thinks I’m relegating her to such a small and insignificant language, think about Javascript. It’s loosely based off of a programming monster, Java (aka Bill Clinton). It’s the heart and soul of a lot of stuff you see on the web today, like AJAX or JQuery. A lot of those fancy things you love about sites like Flickr or Facebook are filled with Javascript. And, just like Javascript, she’s got the backing of a lot of big players and the pedigree of a respected and well-tested precursor.

Mitt Romney is C/C++.

Romney is one of the more well-funded candidates on the campaign trail. Like Romney, deep-pocketed Bell Labs’ C (and it’s compliment, C++), have features that are admired by many, but its colleagues seem to be growing tired of its rhetoric, and often team up against it much like the candidates at the New Hampshire debates teamed up against Romney. It’s losing ground to “web-based” languages like PHP and Ruby on Rails, but still holds a significance to many people.

John Edwards is ColdFusion.

Edwards has been around the block a couple of times, first as running mate with Al Gore, and now trending towards being a possible running mate again after trailing to bigger candidates in the last few primaries. ColdFusion is a very capable language, able to power even the largest of sites (hello, MySpace), but is typically seen as a runner-up to some of the bigger boys in the web-language field.

Mike Huckabee is PHP.

If only for the reason that Huckabee has Chuck Norris as his biggest “Hollywood” supporter, Huckabee is the tough and no-nonsense PHP. Like its conservative counterpart, PHP is known for providing a solid set of tools and having a vocal group of ardent supporters. It’s relatively extendable, easy to like, and performs well in public–just look at Facebook for PHP in action.

Fred Thompson is Flash.

If Flash had a counterpart in the political realm, it would be one-time senator and part-time actor Fred Thompson. Granted, Mr. Thompson himself isn’t all that flashy, but Hollywood is. And you can pair Flash’s ActionScript with Thompson’s turn in “action thrillers” like Die Hard 2 and The Hunt for Red October. Like Flash, Thompson has his niche but probably won’t provide much in terms of real relevance to the race, but he’s still useful and interesting nonetheless.

John McCain is Perl.

Perl is your dad’s pocket knife that’s been handed down for a few generations. It’s seen a lot, been in a few scrapes, and is always better for the wear. Perl as McCain is old, and slowly losing its effectiveness, but provides those who know how to use it a vast amount of influence and power. Aging well, it shows that no matter who or what steps forward as a new leader, Perl will always be around as a stalwart alternative.

Barak Obama is Ruby on Rails.

If you’ve been programming for anytime at all, you’ve heard about the Rails framework. And if you’ve payed any attention to politics lately, you’ve noticed Barak Obama as well. Obama’s splash came at the 2004 Democratic National Convention, when the relative newcomer burst onto the scene as the keynote speaker, enamoring a section of voters that had become tired of the typical political monotony. Rails, too, was announced in 2004, and has quickly emerged as a leading contender because of its ease of use, youthful loyal following, and ability to combine old programing styles with newer streamlined methods. Who doesn’t like the apps from 37signals, which are done with RoR?

Rudy Giuliani is Visual Basic.

What is Giuliani–a conservative Democrat or liberal Republican? What is Visual Basic? A Windows-based application language or an internet VBScript language? I’ve always had a fondness for Basic, since it was my first programming language, and Visual Basic was always intriguing to me because I could easily build usable Windows apps. In a similar way, most of the nation developed a fondness for Giuliani during the immediate aftermath of 9/11, and he’s hoping that cozy fondness carries him all the way to the White House.

Dennis Kucinich is Smalltalk.

Look, I don’t know anything about Smalltalk, but this joke just writes itself.

This is pretty cool. In a patent filed today, Apple lays out an iMac-esque docking station for the upcoming (rumored) ultra-portable notebook. Not travelling much, I didn’t see myself getting one of these “featherbooks” anytime soon, but this might make a difference. Interestingly, Fig 1D shows a slot load optical disk drive in the featherbook–and that’s been rumored to be ommited in effort to conserve space and weight. We’ll see what shows up in these next 2 weeks leading up to the MacWorld Expo…