- Download the hash file here: http://www.mediafire.com/?n307hutksjstow3
** Warning - if you had a stupid password like "linkedin" or "password" it's already been cracked and removed from the file. You lose.
- Go here, http://duckduckgo.com/?q=sha1+password and replace the 'password' portion with your actual password. This site doesn't know who you are, so this should be safe. Copy the result, you'll need it. The SHA1 hash for 'password' is 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8.
- Open the text file and search for the password. Use your favorite tool for this. If it's found, the good news is your password isn't cracked yet, but the bad news is it's been leaked and could get cracked soon, depending on complexity.
- bonus: Next, repeat steps 1 and 3, except prepend 00000 to your password. So if your password was password, you would get the sha1 for 00000password. If you get a positive match, your password has already been cracked. Damage control.
Alternatively try leakedin.org, but I don't know how trustworthy this site is. You're basically giving them your password by asking the question "is it leaked". They may not be malicious, but I almost guarantee they're at least keeping logs.
I think you got step 4 wrong. You need the hash of your password, then you replace the first 5 characters with zeros. Then try to locate it in the file. You should do this check as well as the full check for the complete hash.
The 5 zero is a prepend, not replace. The already-cracked passwords are marked this way. If it was a replace,
a) passwords with <= 5 characters would all become meaningless and same
b) passwords would lose meaning in general by losing those first 5 characters.
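
The checks discussed above can also be run entirely offline, so the password never leaves your machine. The script below is an added example, not part of the original post or its comments; it runs the full-hash search, the post's bonus step (SHA1 of 00000 followed by the password) and the first comment's reading (first five hex characters of the hash replaced with zeros). The sample lines, the script name and the file argument are assumptions made for illustration.

```python
import getpass
import hashlib
import sys

def candidate_hashes(password):
    """Hex digests for the three checks discussed on this page."""
    full = hashlib.sha1(password.encode("utf-8")).hexdigest()
    prefixed = hashlib.sha1(("00000" + password).encode("utf-8")).hexdigest()
    return {
        "full": full,                        # step 3: unmodified hash
        "prefixed_password": prefixed,       # bonus step as written in the post
        "masked_hash": "00000" + full[5:],   # first comment's reading
    }

def check_dump(password, lines):
    """Return the names of the checks that match any line of the dump."""
    wanted = {}
    for name, digest in candidate_hashes(password).items():
        # A hash that already starts with 00000 makes two checks coincide.
        wanted.setdefault(digest, set()).add(name)
    found = set()
    for line in lines:
        found |= wanted.get(line.strip().lower(), set())
    return found

# Constructed sample lines, not taken from the real file.
SAMPLE_DUMP = [
    hashlib.sha1(b"correct horse").hexdigest() + "\n",
    "00000" + hashlib.sha1(b"password").hexdigest()[5:] + "\n",
]

if __name__ == "__main__":
    # Usage: python check_leak.py <hash file>   (script name is hypothetical)
    # getpass keeps the password out of shell history and off the screen.
    secret = getpass.getpass("Password to check: ")
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii", errors="replace") as dump:
            hits = check_dump(secret, dump)   # streams the file line by line
    else:
        hits = check_dump(secret, SAMPLE_DUMP)
    print("matches:", ", ".join(sorted(hits)) or "none")
```

Run without an argument it checks against the constructed sample; pass the path of the downloaded hash file to check the real list.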