Quote:
Originally Posted by kacir
You can retrieve a password.
Even if it is stored as a one-way hash.
There are numerous programs (such as well known John The Ripper for unix passwords) and services (such as server in Switzerland that has database of hashes for all possible password combinations for Windows computers (there is maximum 26 letters allowed in Windows))
It can't be that difficult to brute-force CC number on a quad-core machine with more than of 4GB RAM
|
Sort of but not really. You can guess the input to a hash but you won't know if it is the actual input. One way hash's are one way they are not reversible. What programs and servies like those mentioned do is take input and compare the output with what you are looking at. However, hashes are not unique in the sense that one input gives one output. Many different inputs can yield the same hash. Because it's combination if name and last digits of the credit card number the chances of guessing correctly for both is very very small. Now if you already knew one part of it (the persons name on the credit card) then you could have a better chance of getting the digits. However, it's still limited to only some of the digits not the full credit card number. At best you should only be able to narrow it down to a range of possibilities. Now this is all assuming the file gets and people start trying to brute-force it. Especially considering it would be easier to just steal a pre-approved credit card offer from your mail box.