Wow, every password has been cracked, even the ones I just made up like "ldkfjg832u23rsiu32842)(/&()". No password is safe anymore, so I can just stick my old "Password!".
Dev here. The red results are because of Google's limitation for searches from one IP. Now, I wrote the app again, but instead of scraping the Google results, I used the official Google search API. This way there should not be any limits whatsoever. It works like a charm, BUT the API excludes the biggest hash databases from the results (of course...), so the results can be green even though a cracked hash has been found.
The awesome thing about an app like this is that when you have a lot of people use it you can then use the logged password checks as dictionary attacks against hashed passwords that you steal.
Very clever social engineering attack.
Now I reversed the app back to where it was at first; fast and only searches "hash+plainstring". Now the results include all the hash databases too. The server IP gets banned from time to time, but the IP should be dynamic, so the bans won't last forever.
I could use Yahoo, but it doesn't find nearly as much hashes as Google.
7 comments
[ 5.2 ms ] story [ 37.2 ms ] threadi've pinged the developer to inverse the color scheme and to add a note about clicking through to see the results
I could use Yahoo, but it doesn't find nearly as much hashes as Google.
Also, no logs are kept.