Cracking md5 hash

Toddie's Avatar, Join Date: Jan 2010
Contributor
Here is a question that maybe you guys can help me with.

Suppose a user frequents 2 different websites.
Lets assume that user uses the same password for both sites.
lets also assume that both sites use an md5 hash to encrypt passwords.

one site is not vulnerable to sql injection
the other site is vulnerable to sql injection.

If you obtain the users md5 password hash on the vulnerable website, and you "crack" the hash, would the "crack" work on the other site that you were unable to sql inject?
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Moved your query into separate forum and coming to your question.

It should work.
indiansword's Avatar, Join Date: Oct 2008
Security Expert
yes it shdu work as plan text passwords are same AS LONG AS both encryptions are md5.
Deadly Ghos7's Avatar, Join Date: Dec 2009
Contributor
yeah because for the same string, its md5 hash will always be the same so it will work definitely.
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
Just make sure its the same case...