02-12-2017, 01:31 AM
(02-11-2017, 09:36 PM)epixoip Wrote: In this context (assuming the donors or beneficiaries or whomever are intended to be kept confidential) it is dumb to use MD5, yes. They should be trivial to crack.
You wouldn't use a mask. You'd either do a combinator attack or use rules to append domain names.
Okay, short of me figuring out how to do this and demonstrating, can someone help me explain why this is a very dumb idea? How trivial would it be to crack a list of a million email addresses of donors? They are all lower cased and md5 with no salt. (Just the mysql MD5 function.)
What is a better way to do this, realizing I'm dealing with people who wander up and down the hallway demanding someone tell them what their password is.