Network Security Security-Basics

RE: password cracking: one char at a time.

Subject: RE: password cracking: one char at a time.
Date: Thu, 24 Nov 2005 14:30:27 -0500
Michael wrote:

It is my understanding that some algorithms create a hash that allows you
to use the hash to unencrypt the password. With other algorithms it is not
possible to unencrypt the hash to get the original password. Is this wrong?
[Clement says:] 

A hash is not a key and it is NOT an encryption algorithm; in fact there is
no key being used when you create a hash.  You simply put your message
through a hashing algorithm and you get a message digest or a hash value
that represents a fingerprint of that specific message.  The hash is NEVER
used as a key to decrypt.

The hash is used instead of the plain text representation.  This way you do
not send the password in clear text over the network.  The server knows what
hash value corresponds to the password being used.  MD5 is often used today
for passwords.  The MD5 hash will be sent and not the cleartext password.

There is still a requirement to use a strong password.  If you use a small
password of less than 8 characters, it would be possible using a precomputed
hash table to find out what the corresponding password is very quickly.

I would suggest you take a look at the following document on my web site:

http://www.cccure.org/Documents/Cryptography/cisspallinone.pdf  
This document has a nice overview of cryptography and has good coverage of
what hashing algorithms are and how they are used.

Also take a look at the crypto section at:
http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=9  
You will find everything you ever wanted to know about cryptography.

Take care

Clement
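
The points in the reply above (a hash is keyless and deterministic, and short passwords fall to a precomputed table) can be seen in a short added example, which is not part of the original post. The candidate list, function names and the choice of PBKDF2 with a per-user salt as the contrasting storage scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for a
# precomputed hash table over a small password space.
CANDIDATES = ["summer", "letmein", "qwerty12"]

def md5_hex(password: str) -> str:
    """Keyless, deterministic digest: the same input always gives the same output."""
    return hashlib.md5(password.encode()).hexdigest()

def build_table(candidates):
    """Map digest -> password. Computed once, reusable against every unsalted digest."""
    return {md5_hex(p): p for p in candidates}

def store_salted(password: str, iterations: int = 200_000):
    """Return (salt, iterations, derived_key) using PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)

def demo():
    table = build_table(CANDIDATES)
    # Two accounts (hypothetical) that chose the same short password.
    alice_md5, bob_md5 = md5_hex("letmein"), md5_hex("letmein")
    alice_rec, bob_rec = store_salted("letmein"), store_salted("letmein")
    return {
        # Unsalted digests collide across accounts, so one table covers both.
        "unsalted_identical": alice_md5 == bob_md5,
        "table_hit": table.get(alice_md5),
        # Salted records differ, so a table would have to be rebuilt per salt.
        "salted_identical": alice_rec[2] == bob_rec[2],
        "verify_ok": verify_salted("letmein", alice_rec),
        "verify_wrong": verify_salted("letmein1", alice_rec),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```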



