Zero Hour Sleep

Interesting subject isn’t? Ok, first let me tell you there is no way to decrypt MD5 hash values, because MD5 is not an encryption algorithm in the first place!

In fact, Md5 is a hash, and the difference between an encryption algorithm and a hash is that encryption is a 2 way process, while a hash is 1 way process. When you encrypt a value, you can decrypt it using some mathematical function function, while when you hash a value (say X), you compare it to a second value (say Y) by hashing “Y” as well, then you compare the 2 hashed values, if they’re equal then X and Y are equal.

MD5 is applied in various applications, mail servers for example use MD5 to store you password. When you first sign up, you password is hashed and stored in the database. Next time you login, the password that you enter will be hashed and the result will be compared to the hash value in the database, if they match then you are granted access. So, the “real” value of your password is never stored anywhere and then you can rest assured no one will have a peek at your password. And that’s why by the way such applications never offer recovering your password unless by sending you a new one.

Conclusion: a hash function is irreversible.

I do understand now if you’re thinking that I fooled you with the post title, but I really didn’t. There are various websites on the internet with a database containing dictionnary of words along with their corresponding MD5 hash values, and they will be a great help to you if you have a hashed string and want to know the original corresponding word to it.

http://md5.rednoize.com/
http://www.md5oogle.com/
http://www.gdataonline.com/seekhash.php
http://www.md5-db.com/

Each one of these websites has a certain number of words and their hash values, Rednoize for example has more than 50 million words, the other 3 websites have less than 10 millions each. So Rednoize should be your best choice.

Suppose you lost your e-mail password, and it happened that you have access to the backend database, so all you got is the hash of your password. Let’s assume it is “5d41402abc4b2a76b9719d911017c592″.

Now you can go to one of these websites, enter the hash value you have and get your password. Rednoize will give us “hello”. Try to login to your e-mail using “hello” as a password and it should work!

In an earlier post we introduced to you SysKey, an important security tools in Windows, and we we got a comment on that post requesting a workaround to make SysKey run with a USB drive instead of a floppy.

The request we received makes sense actually, since very few people are using floppy drives nowadays while usage of USB key became very common. The idea is to prevent people from reaching the log on screen of your computer when they turn it on unless they plug in a certain USB key, it’s similar to creating a USB dongle and is of course more convenient than using a floppy disk for the same purpose.

Some companies offer the creation of such USB keys for a good sum of money, but today we’re going to learn how to easily do it through the SysKey tool, and all for free!

Read the rest of this entry »

In today’s post we will be talking about a very important, yet not so famous, security tool in Windows, that is the SYSKEY.

Windows 2000, XP and 2003 have a Security Accounts Management database (SAM) that stores a hashed copies of user passwords. But this database needs to be secured in order to prevent hackers from easily sneaking into the user accounts, that’s why Windows requires that these hashes are encrypted with a system key that is usually stored withing your operating system.

However, you can enhance the SAM database encryption by moving the encryption key off your computer. You can do that by using the handful SYSKEY utility, and it is pretty easy to accomplish. Let’s learn how to do it.

Read the rest of this entry »

Just like almost every other web browser, Firefox also has a built-in module to save your passwords and we actually make use of this function. But we have we have lately ran across the problem of forgetting one of the passwords that we saved in Firefox long time ago.

However, good for us there is a way to retrieve the passwords that we already saved. Here’s how to it.

Read the rest of this entry »

Although we all know the importance of backups but most users find it an annoying job to do, and they don’t start following a good backup procedure until they suffer from data loss.

One good solution is to go for automatic backup if you are using Windows Vista, as it doesn’t require any additional effort after setting it up. Automatic backup is one of Windows Vista’s new feature that will allow you to specify a schedule to automatically backup your important personal files to a location of your choice. Once initial backup is done after the setup is done, and then updated files will be automatically backed up according to the schedule.

Here’s how to do it.

Read the rest of this entry »

USB keys are great tools to keep your important data with you whenever you are. But they might become a threat if the working environment requires a very high level of confidentiality, so allowing persons to use their USB drives to tranfer files from and to their computers will put the important data at risk.

Today we will be showing you how to prevent your users from writing to their USB drives through a simple registry hack.

Read the rest of this entry »

If you’re a Gmail user and making back ups your emails using the G-Archiver, then the first thing your have to do before proceeding with reading this post further is to CHANGE YOUR GMAIL PASSWORD IMMEDIATELY!

For those who don’t know what G-Archiver is, it’s a software to backup your e-mails from your Gmail account to your computer in order to free up some space in your account or to simply keep a backup in case Gmail suffered from a data loss.

According to Dustin Brooks from Coding Horror, G-Archiver’s programmer (John Terry) has implemented a small piece of code so that each time a user inputs his Gmail username and password an email is sent to John containing their username and password!

Read the rest of this entry »

It’s hard to stay 100% safe while being online nowadays. Some claim that the best security measure you can take is to simply unplug your connection cable, we oppose that.

It’s always possible to protect yourself online, be it by installing some tools or by doing some small tweaking to your operating system.

Here are 10 random tips for you to have safe computing.

Read the rest of this entry »

It’s good to learn from your own mistakes, but when it comes to data loss you will really prefer to learn from others’ mistakes! Trust us on this one.

We’re saying that because we’ve been there before, we lost some data before and we had a hard time recovering it although we used some very famous recovery tools. Note that we do not claim here that recovery programs are inefficient, but they do have limitations under some circumstances and a backup copy of your data is always better.

Here are 5 reasons for everyone to do regular backup.

Read the rest of this entry »

I’m pretty sure your computer contain a LOT of personal data such as photos, passwords, credit card number and confidential documents… You probably think that if you right click and delete these file then everything will just disappear. However, this is not the case, give me your hard drive for 10 minutes, and I will surprise you by how many deleted files I will be able to get back!

Here is how can this be done and how to trash your files once and forever.

Read the rest of this entry »