Can somebody explain MD5 Hash lists for Neopets?

[Fran]

I would like to know what are MD5 hash lists, absolutely no idea how they work and what they are.

Can you crack Neopets accounts with this lists, if so how? Thank you

[l_royalty_l]

I posted some info about them in my selling thread if you wanna take a look at that
If you have anymore questions after reading that, let me know and I will do my best to answer any questions you may have.

-Andrew

[Fran]

Thank you Andrew

[Personoid xX]

An MD5 is an irreversible hashing function.
Some sites use MD5 as the hashing method for passwords. Well most sites, actually.
Anyway, Gaia and Neo both use MD5 hashing.
How this works is as follows:
When you sign up for an account your info is stored to the database. Your password is hashed using the MD5 method. Sometimes it adds extra text, etc.
This is a security measure. Once the password hash is stored to the database you're ready to login.
When you enter your username and password, the password is encrypted with the same method and compared to the hash stored in the database.
If they match, your login is correct and you get access to the account. If it doesn't match you don't.
I'll show you an example.

The following is a word hashed using md5.

"DC647EB65E6711E155375218212B3964"

That is the word "Password" hashed in md5.

[Scab]

Quote:

Originally Posted by Personoid xX

An MD5 is an irreversible hashing function.
Some sites use MD5 as the hashing method for passwords. Well most sites, actually.
Anyway, Gaia and Neo both use MD5 hashing.
How this works is as follows:
When you sign up for an account your info is stored to the database. Your password is hashed using the MD5 method. Sometimes it adds extra text, etc.
This is a security measure. Once the password hash is stored to the database you're ready to login.
When you enter your username and password, the password is encrypted with the same method and compared to the hash stored in the database.
If they match, your login is correct and you get access to the account. If it doesn't match you don't.
I'll show you an example.

The following is a word hashed using md5.

"DC647EB65E6711E155375218212B3964"

That is the word "Password" hashed in md5.

And how exactly do you know what the word is from that series of chracters?

[Personoid xX]

Quote:

Originally Posted by Scab

And how exactly do you know what the word is from that series of chracters?

You don't. It's irreversible.
I used the md5 hashing method to hash the word "Password" and it gave me that hex string.

Edit: That's why it's so secure. Because even if you have a hash you can't reverse it.
You can compare it to a database or you can brute force it.
If someone were to reverse an md5 hash they would probably win a Nobel prize. lol.

[Fran]

Thank you so much for the explanation! I wished I had my thank button... will thank as soon as I get it, thank you!

[Personoid xX]

You're welcome.
Although i'd like to add this.
According to Wikipedia and a few other sources i've found, There is a vulnerability in the MD5 method that could allow a hacker to generate a hash that is exactly the same as another hash.
Which kinda means: If someone could get their hands on a hash they might be able to get into an account without ever knowing the real password...

Someone should learn this method and post it here.

[Fran]

Thank you again! And that addition would be greatly appreciated too ^^

[melchior]

why is the fish here?



i tried making my own md5 algorithm once. it was mega fail. probably because i didn't really pay attention to what i was doing though.