Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Password Cracker tools

from [Louie] Network Security [Permanent Link]
Subject: Password Cracker tools
Date: Wed, 23 Nov 2005 09:10:45 +0800
Dear all,
Back to the password cracking question. I am looking for a good password cracker software. I have tried Lopcrack, Kerbcrack and Brutus but seems that they are not that reliable. Can anyone suggest any other password cracking tools???

Regards,

Louie


----- Original Message ----- From: "Gilbert Fernandes" <gilbert.fernandes@spamcop.net>
To: "michael young" <mhyoung@valdosta.edu>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, November 22, 2005 3:31 AM
Subject: Re: password cracking: one char at a time.


 I was wondering if is at all possible to discover a password one
char at a time.


You only attack a password one char at a time when you
do know the char. For example if you got a word encrypted
file, you would attack the beginning bytes until you get
the known magic bytes that identify the file.

Cryptographers know this. This is why good ciphers generate
a first block with random content, and advise to use CBC
mode then. Unless you do a correct first block decryption,
you will never get the following block (or blocks if the CBC
goes from first block to last).

If the first block is random, there is no way for you to attack
it to attack the CBC-enciphered block that follows since you have
no predictible data to find on first block.

Passwords are usually "attacked" on first chars if you do
know which char or chars you will find but you usually need
the whole password to test if the attack is OK or not.

And good password systems do not keep passwords. They do
keep hashes of the password. So when the user enters something,
the content is hashed and compared to the stored hash. If it's
the same, then the password is the good one.

If the hash is of good cryptographic level, if someone steals
the hashes he won't get an easily time finding collisions.

And to avoid two users to have the same hash if they use
the same password, salt bits are used (that's what Unix does).

So to resume your question, attacking the first chars of
a password would only be of use if you got an idea of those
chars or if you do know the first chars. But good ciphers
use first and eventually last random blocks and combined
with CBC that won't let you attack the encryption key even
if you now the first bytes of the file in advance.

--
unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ;
fsck ; umount ; sleep


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Writing papers on Information Security, security
Next by Date:  Re: password cracking: one char at a time., michael young
Previous by Thread:  Re: password cracking: one char at a time., Gilbert Fernandes
Next by Thread:  Re: Password Cracker tools, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]