Security Basics mailing list archives
Re: Password Cracker tools
From: Bhavatosh <bhavatosh () gmail com>
Date: Thu, 24 Nov 2005 12:31:51 +0530
On Wed, 2005-11-23 at 09:10 +0800, Louie wrote:
Dear all,

Back to the password cracking question. I am looking for a good password cracker software. I have tried Lopcrack, Kerbcrack and Brutus but it seems that they are not that reliable. Can anyone suggest any other password cracking tools???

Regards,
Louie

See http://www.hackinglinuxexposed.com/resources/ in that Cracking Passwords section.

Regards,
Bhavatosh
----- Original Message -----
From: "Gilbert Fernandes" <gilbert.fernandes () spamcop net>
To: "michael young" <mhyoung () valdosta edu>
Cc: <security-basics () securityfocus com>
Sent: Tuesday, November 22, 2005 3:31 AM
Subject: Re: password cracking: one char at a time.

I was wondering if it is at all possible to discover a password one char at a time.

You only attack a password one char at a time when you do know the char. For example if you got a word encrypted file, you would attack the beginning bytes until you get the known magic bytes that identify the file.

Cryptographers know this. This is why good ciphers generate a first block with random content, and advise to use CBC mode then. Unless you do a correct first block decryption, you will never get the following block (or blocks if the CBC goes from first block to last). If the first block is random, there is no way for you to attack it to attack the CBC-enciphered block that follows since you have no predictable data to find on first block.

Passwords are usually "attacked" on first chars if you do know which char or chars you will find but you usually need the whole password to test if the attack is OK or not.

And good password systems do not keep passwords. They do keep hashes of the password. So when the user enters something, the content is hashed and compared to the stored hash. If it's the same, then the password is the good one. If the hash is of good cryptographic level, if someone steals the hashes he won't get an easy time finding collisions. And to avoid two users to have the same hash if they use the same password, salt bits are used (that's what Unix does).

So to resume your question, attacking the first chars of a password would only be of use if you got an idea of those chars or if you do know the first chars. But good ciphers use first and eventually last random blocks and combined with CBC that won't let you attack the encryption key even if you know the first bytes of the file in advance.
-- unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep
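
Added example, not part of the original messages: a Python sketch of the storage scheme described in the quoted reply above (store a salted hash, re-hash what the user enters, compare whole hashes). The function names, the use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for the example; the sample passwords are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Build what the system stores: a random salt and the salted hash,
    never the password itself."""
    if salt is None:
        salt = os.urandom(16)  # fresh per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(candidate: str, record: dict) -> bool:
    """Hash the entered text with the stored salt and compare whole hashes.
    The result is a single yes/no; nothing reveals which characters matched."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    alice = make_record("correct horse 42")
    bob = make_record("correct horse 42")
    return {
        # Different salts, so the stored hashes differ.
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "alice_ok": verify("correct horse 42", alice),
        # Right except for the last character: rejected like any other guess.
        "near_miss_ok": verify("correct horse 43", alice),
    }


if __name__ == "__main__":
    print(demo())
```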