Security Basics mailing list archives
Re: password cracking: one char at a time.
From: Gilbert Fernandes <gilbert.fernandes () spamcop net>
Date: Mon, 21 Nov 2005 20:31:48 +0100
I was wondering if it is at all possible to discover a password one char at a time.
You only attack a password one char at a time when you do know the char. For example if you got a word encrypted file, you would attack the beginning bytes until you get the known magic bytes that identify the file.

Cryptographers know this. This is why good ciphers generate a first block with random content, and advise to use CBC mode then. Unless you do a correct first block decryption, you will never get the following block (or blocks if the CBC goes from first block to last). If the first block is random, there is no way for you to attack it to attack the CBC-enciphered block that follows since you have no predictable data to find on first block.

Passwords are usually "attacked" on first chars if you do know which char or chars you will find but you usually need the whole password to test if the attack is OK or not. And good password systems do not keep passwords. They do keep hashes of the password. So when the user enters something, the content is hashed and compared to the stored hash. If it's the same, then the password is the good one. If the hash is of good cryptographic level, if someone steals the hashes he won't have an easy time finding collisions. And to avoid two users having the same hash if they use the same password, salt bits are used (that's what Unix does).

So to summarize your question, attacking the first chars of a password would only be of use if you have an idea of those chars or if you do know the first chars. But good ciphers use first and eventually last random blocks and combined with CBC that won't let you attack the encryption key even if you know the first bytes of the file in advance.

--
unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep
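The salted-hash check described in the message above, as an added example that is not part of the original post: the whole guess is hashed and compared, so a guess that is right in all but one character gets the same "no" as a completely wrong one, and the same password under two salts gives two different hashes. PBKDF2-HMAC-SHA256, the iteration count and the sample password are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(guess: str, salt: bytes, stored: bytes) -> bool:
    """Hash the whole guess and compare in constant time: the answer is yes or no."""
    _, candidate = hash_password(guess, salt)
    return hmac.compare_digest(candidate, stored)


def matching_bits(a: bytes, b: bytes) -> int:
    """Count bit positions where two equal-length digests agree."""
    return sum(8 - bin(x ^ y).count("1") for x, y in zip(a, b))


def demo() -> dict:
    password = "correct horse"  # constructed sample value
    salt, stored = hash_password(password)
    # A guess that is right in every character but the last...
    _, near = hash_password("correct hors3", salt)
    # ...and a guess that is wrong in every position.
    _, far = hash_password("zzzzzzzzzzzzz", salt)
    # Same password for a second user, stored under a different random salt.
    _, other_user = hash_password(password)
    return {
        "full_ok": verify(password, salt, stored),
        "near_ok": verify("correct hors3", salt, stored),
        "near_bits": matching_bits(near, stored),  # of 256; about half by chance
        "far_bits": matching_bits(far, stored),    # of 256; about half by chance
        "same_pw_same_hash": other_user == stored,
    }


if __name__ == "__main__":
    print(demo())
```

Both `near_bits` and `far_bits` come out around 128 of 256, which is what two unrelated digests agree on by chance, so the stored hash tells the guesser nothing about how many leading characters were right.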