Hey everyone,
So I came across this neat program. Firstly, this program might be considered illegal, as it can be used to crack passwords - thus you get no links from me! I take no responsibility; I'm just posting the technology behind the program, because it is very interesting. Okay, onto the good stuff!
This particular tool is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS).
It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash.
Interesting... So the actual attack type behind this software is a dictionary type attack. It basically sets up a nested FOR loop, comparing the password hash (or whatever form of testing you are using) to a dictionary list (which can be custom). Very popular, so if you are a server operator, watch for people using this.
The interesting thing about this type of attack in regards to security, is that there is really no defence against this kind of attack. If the black hat has gotten a encrypted hash of your password - they can try to crack it offline. There is nothing you can do to stop this person once they have the hash - you must simply hope your passwords strength overcomes the dictionary attack (hence using passphrases instead of a password)
I am more interested in brute force attacks personally - they may take longer, but with the right letterlist and enough time they will always crack the password.
Stay tuned, stay classy
;)
Posts
good post :)
ReplyDeleteDon't worry man, I won't. Nice post!
ReplyDeleteVery risky though if you were to be caught.
ReplyDelete