[wp-hackers] Rethinking check_admin_referer()

Robert Deaton false.hopes at gmail.com
Sat Apr 22 02:01:57 GMT 2006


On 4/21/06, Sam Angove <sam at rephrase.net> wrote:
> For token `md5($end . DB_PASS . $action . $uid)`, can't you do:
>
> foreach ($dictionary as $word) {
>         if (md5($known_time . $word . $known_action . $known_uid) == $known_nonce) {
>                 echo "omg! the db password is $word !!!1";
>         }
> }
>

First, you'd have to get a nonce. Explain to me how you would even
approach that, and then maybe this code is valid, but even at that
point, the time to md5 an entire database is weeks, and that won't
even cover all passwords. As was posted before, for all alphanumeric
passwords 8 characters long, it'd take the average PC 3 years to
crack. Think about the time it'd take in the range of 6-12 characters;
you're talking about spending your lifetime cracking one md5 password.
This is unrealistic, and like Owen said, when someone comes up with a
working exploit, post again, otherwise, drop it.

--
--Robert Deaton
http://somethingunpredictable.com
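As an added example (not code from this thread or from WordPress), here is the defensive form of the token the thread is arguing about: it keeps the same inputs (time tick, action, user id) but keys an HMAC with a random 32-byte secret instead of hashing DB_PASS, so a captured nonce offers nothing for a word list to test against, and verification compares in constant time. The names `SECRET_KEY`, `TICK_SECONDS`, `create_nonce` and `verify_nonce`, and the 12-hour tick, are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumption: a high-entropy key generated once at install time and stored
# server-side; unlike a human-chosen database password it is not guessable.
SECRET_KEY = secrets.token_bytes(32)

# Assumption: nonces are scoped to a coarse time bucket (12 hours here).
TICK_SECONDS = 12 * 60 * 60


def nonce_tick(now: float) -> int:
    """Coarse time bucket; every nonce issued in one bucket shares a tick."""
    return int(now // TICK_SECONDS)


def _mac(tick: int, action: str, uid: int, key: bytes) -> str:
    # Length-delimited fields so "ab"+"c" cannot collide with "a"+"bc".
    msg = f"{tick}|{len(action)}:{action}|{uid}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def create_nonce(action: str, uid: int, now: float, key: bytes = SECRET_KEY) -> str:
    """Token bound to (tick, action, uid), the same binding the thread's
    md5($end . DB_PASS . $action . $uid) aims for, but under a keyed MAC."""
    return _mac(nonce_tick(now), action, uid, key)


def verify_nonce(nonce: str, action: str, uid: int, now: float, key: bytes = SECRET_KEY) -> bool:
    """Accept the current tick and the previous one (so a form filled in just
    before a tick boundary still submits); reject everything else."""
    tick = nonce_tick(now)
    for candidate in (tick, tick - 1):
        expected = _mac(candidate, action, uid, key)
        # Constant-time comparison: a plain == leaks timing on the prefix.
        if hmac.compare_digest(nonce, expected):
            return True
    return False
```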
