Originally Posted by SaswatPadhi View Post
I don't really get this !?!

(1) Can we reverse a crypto-hash ?? There can be infinitely many arbitrary data blocks with the same MD5.
As I saw in your article, you make some assumption about the data : such as numeric, or uses special symbols etc .. But what if you have no idea AT ALL ??

(2) If the data-block is combined with a random salt before generating MD5 hash, then ?? Rainbow tables are almost useless !
(1) No. And if u have no idea at all u can make an assumption that the password length may be with 4-10 chars and u can use all char set to create rainbow tables. I just demonstrated it for numeric cos of the time constraint. If u re free enough to create a rainbow tables of size 80 GB or more create it and crack it.

(2) In real time most of the sites give unsalted passwords by SQL injection. And no one is gonna combine with random salt for an admin password.

see the last part of the article (FAQ's) I have clearly said this is used for cracking the passwords which we get from SQL injection. I am not dealing with any kinda data that is hashed or salted with MD5.