Cryptohaze.com

http://www.cryptohaze.com/beta/

Please register & play around.

I will be working on getting things live with this.

Things will likely get processed, but I can't promise anything on rates.

Please use the file upload for large hash lists - it will be much easier on the system and a lot faster for you.

Suggestions on how to manage cracked hashes are welcome - right now it's kind of cumbersome and the export doesn't work right.

Hm... ok, I'm going to apologize for it being really slow. I'm beating on it a lot for testing, and MySQL isn't happy with me about this.

*ponders ways to improve things*

ok testing, added some hashes.

Would it be possible to add some sort of stayed logged in feature.

Total credits earned:
Credits available:

Should default to 0 / 0

Does it actually work?


http://www.cryptohaze.com/beta/myhashes.php

Cracked: Uncracked
Hash Type: MD5
Cracked in the last: Show All (I'm looking for uncracked hashes - This should dissapear if you choose uncracked)
Added in the last: Show All
Tag: Show All

*Click Show Hashes*

No hashes found.

So, there are no uncracked MD5's in the database... ? Or are these only your personal ones?

- Edit -

http://www.cryptohaze.com/beta/hashtypes.php

Hash Type: MD5
Description: Unsalted MD5 hashes
Length (bits): 128 <--- Since when is an MD5 hash 128 Bits? Isn't it 32?
Salted: Yes
Magic: None <--- What on earth does that mean? o_O

Does that mean unsalted or not? And what if you know the salt?

- Edit 2 -

Email Results hourly: If selected, results will be emailed hourly.

Can't you also have an "E-mail on found" ? Granted, it would have a problem if you have 500 submitted hashes

- Edit 3 -

Code: Select all

<label for="bCracked">Cracked:</label>
<select id="bCracked" name="bCracked">

Use tables - Helps with spacing

Reelix wrote:Total credits earned:
Credits available:

Should default to 0 / 0

Does it actually work?

There is no way to earn credits right now, so while it technically works, you won't see it move. Ways to earn credits will be cracking passwords and contributing rainbow table parts.

http://www.cryptohaze.com/beta/myhashes.php

Cracked: Uncracked
Hash Type: MD5
Cracked in the last: Show All (I'm looking for uncracked hashes - This should dissapear if you choose uncracked)
Added in the last: Show All
Tag: Show All

*Click Show Hashes*

No hashes found.

So, there are no uncracked MD5's in the database... ? Or are these only your personal ones?

These only show your personal ones. I don't have the "full DB export" function working yet, as I don't have privacy fields in place - I will be supporting users who do not wish their hashes to extend beyond this system, so they will not be exported for cracking. I agree on the JS fields, I will work on that.

http://www.cryptohaze.com/beta/hashtypes.php

Hash Type: MD5
Description: Unsalted MD5 hashes
Length (bits): 128 <--- Since when is an MD5 hash 128 Bits? Isn't it 32?
Salted: Yes
Magic: None <--- What on earth does that mean? o_O

Does that mean unsalted or not? And what if you know the salt?

MD5 hashes are 128 bits... 16 bytes. Or 32 characters in standard ASCII-hex representation.

Magic: This will apply to things like MD5Crypt & similar that have a "magic" at the front - $1$ or whatever the PHPBB3 hash header is.

Salted:Yes - this is a bug, it should be showing unsalted. Thanks!

Email Results hourly: If selected, results will be emailed hourly.

Can't you also have an "E-mail on found" ? Granted, it would have a problem if you have 500 submitted hashes

That's my concern - spamming out 500+ emails with minimal content to an address gets one quickly blacklisted from most mail servers. Sending a message with content hourly is less so. I may add a premium notification option, but I really don't want to get nailed by blacklists. Also, email isn't working quite yet.

Code: Select all

<label for="bCracked">Cracked:</label>
<select id="bCracked" name="bCracked">

Use tables - Helps with spacing

Ugh. One does not use tables for layout. Do you have layout issues, or is this just a style thing? It should be styled reasonably in any decently modern browser with JS on. And since you logged in, you have JS on.

Use jabber or irc instead of email? Also is it email hourly, if any new are found?

Sc00bz wrote:Use jabber or irc instead of email? Also is it email hourly, if any new are found?

I've thought about an IRC interface... other sites seem to use this with some success.

It will email hourly any new hashes found. If no hashes are found, it will not email.

Feedback from someone on IRC:

[03:19] <vampyr> lol, if i enter a double quote in the username field when registring a username @ http://www.cryptohaze.com/beta/register.php i get logged in instantly without registring.
[03:21] <vampyr> Hey, using script in the username works.
[03:21] <vampyr> fun.
[03:21] <vampyr>
[03:21] <vampyr> Perhaps you might want to check that;)

If you enter any non-used username in the username field you get logged in instantly, you've just registered an account of that name without a password - congratulations, "log in on registration" is working. Not a huge deal, you've just created a spectacularly insecure user. I don't actually care, but I should probably require a password in Javascript.

As for script tags working, I agree that they get passed in. I've resolved this. Thanks.

Per IRC:

Add a notification of "file uploaded, not yet processed" to the page to prevent double uploading.

Also from IRC:

Export lists for full hashes.

Hide "cracked" listbox for download/display if not relevant.

Purge unused accounts after a period

Fix "Already in DB, password is XYZ" skip