Re: Password Cracker tools
From: Bhavatosh (bhavatosh_at_gmail.com)
Date: 11/24/05
- Previous message: Murad Talukdar: "RE: Blocking Instant Messaging Applications"
- In reply to: Louie: "Password Cracker tools"
- Next in thread: michael young: "Re: password cracking: one char at a time."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Louie <bklow@tahaninsurance.com>
Date: Thu, 24 Nov 2005 12:31:51 +0530
On Wed, 2005-11-23 at 09:10 +0800, Louie wrote:
> Dear all,
> Back to the password cracking question. I am looking for a good
> password cracker software. I have tried Lopcrack, Kerbcrack and Brutus but
> seems that they are not that reliable. Can anyone suggest any other password
> cracking tools???
>
> Regards,
>
> Louie
>
See http://www.hackinglinuxexposed.com/resources/ in that Cracking
Passwords section.
Regards,
Bhavatosh
>
> ----- Original Message -----
> From: "Gilbert Fernandes" <gilbert.fernandes@spamcop.net>
> To: "michael young" <mhyoung@valdosta.edu>
> Cc: <security-basics@securityfocus.com>
> Sent: Tuesday, November 22, 2005 3:31 AM
> Subject: Re: password cracking: one char at a time.
>
>
> >> I was wondering if is at all possible to discover a password one
> >> char at a time.
> >
> > You only attack a password one char at a time when you
> > do know the char. For example if you got a word encrypted
> > file, you would attack the beginning bytes until you get
> > the known magic bytes that identify the file.
> >
> > Cryptographers know this. This is why good ciphers generate
> > a first block with random content, and advise to use CBC
> > mode then. Unless you do a correct first block decryption,
> > you will never get the following block (or blocks if the CBC
> > goes from first block to last).
> >
> > If the first block is random, there is no way for you to attack
> > it to attack the CBC-enciphered block that follows since you have
> > no predictable data to find on first block.
> >
> > Passwords are usually "attacked" on first chars if you do
> > know which char or chars you will find but you usually need
> > the whole password to test if the attack is OK or not.
> >
> > And good password systems do not keep passwords. They do
> > keep hashes of the password. So when the user enters something,
> > the content is hashed and compared to the stored hash. If it's
> > the same, then the password is the good one.
> >
> > If the hash is of good cryptographic level, if someone steals
> > the hashes he won't get an easy time finding collisions.
> >
> > And to avoid two users to have the same hash if they use
> > the same password, salt bits are used (that's what Unix does).
> >
> > So to resume your question, attacking the first chars of
> > a password would only be of use if you got an idea of those
> > chars or if you do know the first chars. But good ciphers
> > use first and eventually last random blocks and combined
> > with CBC that won't let you attack the encryption key even
> > if you know the first bytes of the file in advance.
> >
> > --
> > unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ;
> > fsck ; umount ; sleep
> >
>
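
The salted-hash storage described in the quoted reply above, sketched in Python as an added example that is not part of the original thread. It assumes PBKDF2-HMAC-SHA256 as the hash (the thread names no algorithm); the record format, iteration count and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 200_000        # assumed work factor, not from the thread
MAX_ITERATIONS = 5_000_000  # refuse absurd values found in a stored record

def hash_password(password, salt=None):
    """Return 'pbkdf2-sha256$iterations$salt$hash'; the password is never stored."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        "pbkdf2-sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])

def verify_password(password, record):
    """Re-hash the candidate with the stored salt and compare to the stored hash."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        iterations = int(iterations)
        if not 1 <= iterations <= MAX_ITERATIONS:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, iterations, dklen=len(expected)
        )
    except ValueError:  # malformed record: wrong field count, bad base64, bad int
        return False
    # Constant-time comparison of the two hashes
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed sample: two users choosing the same password
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print(alice)
    print(bob)
    print("records differ:", alice != bob)
    print("alice verifies:", verify_password("correct horse", alice))
    print("wrong guess   :", verify_password("correct hors", alice))
```
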