Find a password, if our l337 h4XX0r skillz have already allowed us to harvest the MD5 hash for it.
The completely stupid way to store passwords, implemented by small children writing programs in BASIC and by $300-an-hour consultants writing enterprise software, is to just save all of the usernames and matching passwords as plain text in a file somewhere. If an attacker can read that file, they can now log in as anybody.
A much better, but still not as secure as it should be, method of saving passwords is to “hash” them using a “one-way” or “trapdoor” algorithm, like MD5. A trapdoor algorithm runs very quickly in one direction (turning a password into an almost-unique string of seemingly random characters), but is almost impossible to run the other way, if you don’t have access to cubic kilometres of sci-fi nanotech.
If someone gets hold of the file in which you store password hashes, the one-wayness of the hash algorithm means the attacker still can’t figure out what passwords correspond to what hashes, and so cannot make use of his discovery.
Well, that’s the theory.
In practice, attackers can take a dictionary of passwords, hash them all, then search for matches between their new hash dictionary and the password hashes. There are even helpful online tools that’ll do it for you, like the long-established passcracking.com/ru, or md5oogle. When there’s a match, you’ve got the password.
And this is what Google allows you to do in two seconds, if the password hash you’re trying to “reverse” corresponds to a common word.
The word “elephant”, for instance, hashes to e4b48fd541b3dcb99cababc87c2ee88f. Search for that in Google and you’ll get a bunch of pages which, for reasons explained in the Light Blue Touchpaper post and its comments, often also have the word “elephant” on them, or right in their title.
(This post will probably be very high in those search results in a day or two. Check out the above-linked online reverse MD5 hash lookup tool if you’d like to explore other options - it lets you hash any string you like, then checks some databases for it. While it’s checking, you can be Googling the same string. Md5oogle lets you generate MD5 hashes as well, but it converts everything to uppercase first - which many password systems also do.)
This technique only works for passwords that’re common words - or, at least, have for some reason been hashed and stored in a Google-visible file. If your password is something nonsensical like dj347F, which hashes to 54041c87e2e431f3fc4c47e55d114ef3, the hash won’t be found anywhere on the Web (except, again, on this page, once Google indexes it).
This technique also doesn’t work if the passwords are “salted” with some extra data before being hashed. So if a user foolishly decides to choose “mypassword” as his password, the software actually hashes, say, 28391mypassword, and thus creates an un-findable hash.
Adding a simple fixed salt to every password still doesn’t give you really industrial-strength security, but it’s streets ahead of a lot of the junk that makes it to production. And it does stop dumb attacks like Google searching - well, at least until people find out that MurderDeathKill 3D’s online gaming logon system just adds 28391 before hashing passwords, and start making tables of dictionary words with 28391 in front of ‘em.
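Here is an added Python illustration (not from this post) of the three situations above: an unsalted MD5 hash matches a precomputed table of common words straight away, a fixed salt like 28391 only defeats the table until the salt is known, and a random per-user salt forces the table to be rebuilt for every single user. The word list and the salt values are constructed for the demo; “elephant” and 28391 come from the post.

```python
import hashlib
import os

# Constructed sample "dictionary" of common passwords (a real one has millions).
WORDLIST = ["password", "elephant", "letmein", "mypassword", "dragon"]


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def build_table(wordlist, salt=""):
    """Precompute hash -> word for every dictionary word, with an optional fixed prefix salt.
    This is the work the online lookup tools (or Google's index) have already done for you."""
    return {md5_hex(salt + w): w for w in wordlist}


def lookup(table, stored_hash):
    """The 'search for the hash' step: returns the matching word, or None."""
    return table.get(stored_hash)


# Three ways a site might store a password.
def store_unsalted(pw):
    return md5_hex(pw)


def store_fixed_salt(pw, salt="28391"):  # the post's hypothetical MurderDeathKill 3D scheme
    return md5_hex(salt + pw)


def store_per_user_salt(pw):
    salt = os.urandom(8).hex()  # fresh random salt, saved next to the hash
    return salt, md5_hex(salt + pw)


def demo():
    plain_table = build_table(WORDLIST)
    unsalted_hit = lookup(plain_table, store_unsalted("elephant"))        # "elephant"
    fixed_miss = lookup(plain_table, store_fixed_salt("elephant"))         # None: table has no salt
    # Once the fixed salt leaks, one rebuilt table covers every user of that site.
    salted_table = build_table(WORDLIST, "28391")
    fixed_hit = lookup(salted_table, store_fixed_salt("elephant"))         # "elephant"
    # Per-user salt: that rebuilt table is useless for the next user...
    user_salt, user_hash = store_per_user_salt("elephant")
    per_user_miss = lookup(salted_table, user_hash)                        # None
    # ...a table built for this one user's salt still works, but only for them.
    per_user_hit = lookup(build_table(WORDLIST, user_salt), user_hash)     # "elephant"
    return unsalted_hit, fixed_miss, fixed_hit, per_user_miss, per_user_hit


if __name__ == "__main__":
    print(demo())
```

A nonsense password like dj347F is not in any word list, so none of the tables above will ever contain its hash, regardless of salting.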
Lots of current popular software uses unsalted hashes, including the WordPress software that runs this blog.
So it’s pretty lucky that I made my admin password “3hv78UEr”, isn’t it?