This tool is here to hopefully hammer home just how useless the MD5 and SHA1 hashes are for passwords, and also why passwords should be salted. I created this to:
- Discourage developers from using MD5 and SHA1 hashing algorithms as security in their applications
- Encourage developers to salt their passwords. Possibly pepper them too, so reversing compromised passwords is a lot harder for people
- Encourage users to use better passwords, possibly password managers
- Promote better security on the internet and with computers in general
This tool doesn't break either algorithm, it's a brute force solution where the hashes have been generated in advance, and it performs a lookup on them. It's basically a free rainbow table for MD5 and SHA1. Some of the hashes have been generated by scripts to loop through the alphabet and build the strings, others have been created from lists of compromised passwords from previous website hacks and a list of dictionary words. Over time this list will grow and cover more combinations. If you do happen to find your details on a list of leaked credentials and it happens to be a MD5 or SHA1 hashed database, you can check it here to see if people might know what it is. Regardless of whether that is the case or not, you should change your password.