Security Basics mailing list archives

Re: password cracking: one char at a time.

From: michael young <mhyoung () valdosta edu>
Date: Wed, 23 Nov 2005 17:55:59 -0500

Clement Dupuis wrote:

Good day Michael,

Most password encryption use a hashing algorithm which computes a hash value
on the WHOLE password and not part of it.  Windows hashes use to break the
password in two 7 character value before creating the hash but most OS does
not do this.

This means that you must have the proper password and cannot attempt
cracking a one character at the time.  On top of this, some implementation
use a seed value for some randomness, even if you have the correct password,
you might not be able to guess without the seed value.

I am not sure what you mean by a one way versus two way password?

It is my understanding that some algorithms create a hash that allowsyou to usethe hash to unencrypt the password. With other algorithms it is notpossable to

unencrypt the hash to get the original password. Is this wrong?

Take care

Clement


Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO)
CCCure Enterprise Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE
Tel: 954 364 8410 (Florida)
Tel: 514 907 1671 (Montreal)
Tel: 418 907 0263 (Quebec)

Fax: 636 773 6328

Maintainer of :

The CISSP and SSCP Open Study Guides Web Site

http://www.cccure.org

The Professional Security Testers Warehouse

http://www.professionalsecuritytesters.org

-----Original Message-----
From: michael young [mailto:mhyoung () valdosta edu]
Sent: Monday, November 21, 2005 1:27 PM
To: security-basics () securityfocus com
Subject: password cracking: one char at a time.

Hi all,
   I was wondering if is at all possible to discover a password one
char at a time.
Normally, you either get the password right or wrong (all or nothing).
Does anyone know if this can be done? Does it depend on the encryption
algorithm
used to encrypt the password? Is that a difference for 1 and/or 2 way
passwords?

thank you,
Michael

Current thread:

Re: Password Cracker tools, (continued)
- - - Re: Password Cracker tools nodecapatal (Nov 24)
    - RE: Password Cracker tools Aditya Deshmukh (Nov 24)
    - Re: Password Cracker tools Bhavatosh (Nov 24)
  - Re: password cracking: one char at a time. michael young (Nov 23)
    - Re: password cracking: one char at a time. Saqib Ali (Nov 23)
    - RE: password cracking: one char at a time. Aditya Deshmukh (Nov 24)
    - Re: password cracking: one char at a time. Gilbert Fernandes (Nov 28)
- Re: password cracking: one char at a time. Ippatsu Man (Nov 22)
- Re: password cracking: one char at a time. Chris Largret (Nov 22)
- Re: password cracking: one char at a time. cg (Nov 22)
- Re: password cracking: one char at a time. michael young (Nov 24)
  - RE: password cracking: one char at a time. Clement Dupuis (Nov 24)