Re: password cracking: one char at a time.

From: michael young (mhyoung_at_valdosta.edu)
Date: 11/23/05

  • Next message: Aditya Deshmukh: "RE: Blocking Instant Messaging Applications"
    Date: Wed, 23 Nov 2005 17:55:59 -0500
    To: Clement Dupuis <cdupuis@cccure.org>, security-basics <security-basics@securityfocus.com>
    
    

    Clement Dupuis wrote:

    >Good day Michael,
    >
    >Most password encryption use a hashing algorithm which computes a hash value
    >on the WHOLE password and not part of it. Windows hashes use to break the
    >password in two 7 character value before creating the hash but most OS does
    >not do this.
    >
    >This means that you must have the proper password and cannot attempt
    >cracking a one character at the time. On top of this, some implementation
    >use a seed value for some randomness, even if you have the correct password,
    >you might not be able to guess without the seed value.
    >
    >I am not sure what you mean by a one way versus two way password?
    >
    >
    It is my understanding that some algorithms create a hash that allows
    you to use
    the hash to unencrypt the password. With other algorithms it is not
    possable to
    unencrypt the hash to get the original password. Is this wrong?

    >Take care
    >
    >Clement
    >
    >
    >Clément Dupuis, CD
    >President/Security Evangelist/Chief Learning Officer (CLO)
    >CCCure Enterprise Security & Training Inc.
    >CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE
    >Tel: 954 364 8410 (Florida)
    >Tel: 514 907 1671 (Montreal)
    >Tel: 418 907 0263 (Quebec)
    >Fax: 636 773 6328
    >
    >Maintainer of :
    >
    >The CISSP and SSCP Open Study Guides Web Site
    >http://www.cccure.org
    >
    >The Professional Security Testers Warehouse
    >http://www.professionalsecuritytesters.org
    >
    >
    >
    >
    >>-----Original Message-----
    >>From: michael young [mailto:mhyoung@valdosta.edu]
    >>Sent: Monday, November 21, 2005 1:27 PM
    >>To: security-basics@securityfocus.com
    >>Subject: password cracking: one char at a time.
    >>
    >>Hi all,
    >> I was wondering if is at all possible to discover a password one
    >>char at a time.
    >>Normally, you either get the password right or wrong (all or nothing).
    >>Does anyone know if this can be done? Does it depend on the encryption
    >>algorithm
    >>used to encrypt the password? Is that a difference for 1 and/or 2 way
    >>passwords?
    >>
    >>thank you,
    >>Michael
    >>
    >>
    >>
    >
    >
    >
    >
    >


  • Next message: Aditya Deshmukh: "RE: Blocking Instant Messaging Applications"

    Relevant Pages

    • [Full-disclosure] New Version of JBrute
      ... several algorithms from propietary apps ... _ Error when format of Oracle10g hash is incorrect. ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
      ... SHA-1 is 160 bit hash. ... MS> professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong ... Wang's research focusses on hash algorithms. ...
      (Full-Disclosure)
    • Re: A different aproach to archiving files
      ... >> checking and throw out the modulo computation. ... >But that would result in the hash depending on only ... >> produce multiple small values from different algorithms, ... Depends on the hash algorithms. ...
      (comp.os.linux.development.apps)
    • Re: Uniqness of Hash Values
      ... >for duplicate files - but not quite). ... >How good are the hash algorithms for creating Unique references? ... bigger the key the less likely a dupe is but it will happen. ...
      (borland.public.delphi.non-technical)
    • Re: NSEC3, version 12,
      ... In section 12.1.3 ("Using New or Unknown Hash Algorithms"), ... Imagine a resolver that only supports NSEC3-SHA256 (or some other new ... but not NSEC3-SHA1 (or whatever the zone is currently ...
      (comp.protocols.dns.std)