Plugin Added: HashMe #133

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
2 participants
Contributor

brutalhonesty commented Feb 7, 2013

Plugin: HashMe
Source: Goog.li
Attributes: Returns hashes of any "possible" plaintext and plaintext of hashes.
Related requests: https://duckduckhack.uservoice.com/forums/5168-plugins/suggestions/3408602-identifying-cryptographic-hash-type-
https://duckduckhack.uservoice.com/forums/5168-plugins/suggestions/3627481-search-hashes-passwords
Screenshot:
Screen Shot 2013-02-06 at 7 11 58 PM

Member

majuscule commented Jun 25, 2013

Hi @brutalhonesty !

I apologize for not getting back to you sooner. I'm not sure how this pull request slipped through the cracks. That said - this isn't really a good application for a Spice plugin. There's no reason to rely on a third party service, when we can simply run the hashes ourselves. In fact, we already have a Goodie that does this, although not all at the same time. Check out https://duckduckgo.com/?q=md5+test for an example.

We really appreciate you taking the time to write and submit this spice. I hope that we will see another from you in the future. If you do, I promise that I will look at it immediately. You can also email me at dylan@duckduckgo.com.

My apologies,
dylan

majuscule closed this Jun 25, 2013

Contributor

brutalhonesty commented Jun 25, 2013

Hey Dylan,

The reason for this plugin was to fill the request https://duckduckhack.uservoice.com/forums/5168-plugins/suggestions/3408602-identifying-cryptographic-hash-type- Which would allow you to type in the hash and it would give you the type as well! We were well aware about md5 + some word as something that was already available. Please reconsider by taking a look at the request that was made and note that this plugin that I made goes both ways. If it still not something that is needed, please let the user know on the suggestion page above.

Thanks

Member

majuscule commented Jun 25, 2013

Hi again,

Thanks for explaining. I think that that is reasonable. I am reopening this pull request now. In the time that it's been since been since you opened this pull request, we've updated our Spice framework. It now uses a new rendering and templating system that makes them simpler to write. I don't want to ask you to port this over, so I'm going to do it myself now. You are still, of course, free to make changes!

I'll post back here after it's done. I'm starting now.

Thanks again,
dylan

majuscule reopened this Jun 25, 2013

Member

majuscule commented Jun 25, 2013

Err, I think I misunderstood. When you said "goes both ways", I assumed that there was some additional search functionality (looking for public hashes) that I had not noticed. Unless I am further mistaken, there is no function besides showing a wide range of hash values. I agree that that has a use case, and should be implemented. But there is no reason to rely on (and add the latency of) a third party service when the same calculations can be made inside a Goodie.

I'm so sorry for my confusion :-(. Would you please clarify if I am mistaken?

Contributor

brutalhonesty commented Jun 25, 2013

That's quite alright abou the confusion.
What I meant was, Goog.li will take the hash (EX: 098f6bcd4621d373cade4e832627b4f6) and tell you what type of hash it is: https://goog.li/?j=098f6bcd4621d373cade4e832627b4f6 (Look at type: ) which is what the original request was for. However, there was also the ability to hash incoming words to get the data in the screenshot in my original request. So the "goes both ways" lets you hash the incoming word or give a hash and it will give you the type and the cleartext if its available.

Member

majuscule commented Jun 28, 2013

Hi again,

Very cool! I completely understand. I can definitely see it getting a lot of use. I've ported it to spice2 as I mentioned above. I also made a few changes to the design, as well as added some code to prioritize plaintext for hash queries, and to use the hash type in the header when identified. I also noticed that goog.li is returning a 302 redirect to leakdb.abusix.com, so I switched the spice to to use that domain and avoid the added latency.

My changes are on the branch https://github.com/duckduckgo/zeroclickinfo-spice/tree/pr/133. I've also deployed to my development instance: https://dylan.duckduckgo.com/?q=leakdb+2034f6e32958647fdff75d265b455ebf. Check it out and tell me what you think.

I'm excited to get this live!
Thanks again,
dylan

Contributor

brutalhonesty commented Jun 29, 2013

Looks great! Covered all the bases and made it look every better! Can't wait to see it live!

Member

majuscule commented Jul 8, 2013

Hi @brutalhonesty,

It's live! https://duckduckgo.com/?q=leakdb+2034f6e32958647fdff75d265b455ebf.

I just noticed it's triggering on 'leakdb' and 'hashme' alone, so I fixed that and added a test for those cases.

We'll be announcing this on the duckduckhack twitter soon.

Thanks again!

majuscule closed this Jul 8, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment