Password cracking: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
Steps required for password cracking software: | Steps required for password cracking software: | ||
# Identify which columns contain the username and the password (hashed or otherwise). | # Identify which columns contain the username and the password (hashed or otherwise). May be easier to convert to a standard internal representation before processing. | ||
# Identify the algorithm used. | # Identify the algorithm used. | ||
# Identify whether a salt is used. | # Identify whether a salt is used. | ||
Revision as of 16:56, 22 July 2018
Initial steps
Steps required for password cracking software:
- Identify which columns contain the username and the password (hashed or otherwise). May be easier to convert to a standard internal representation before processing.
- Identify the algorithm used.
- Identify whether a salt is used.
From these there are multiple stages:
- If no salt is used (e.g. plain MD5), consult a pre-computed lookup table.
Identifying an algorithm
- Length: 32 characters is likely to be MD5.
- Characters: 0-9a-zA-Z is likely to be MD5.
Lookup tables
- How should these be delivered? Plain text file, SQLite database, Lightning Memory-Mapped Database (LMDB), something else?
- What options does the chosen language support?
- Which options are the most efficient?
Libraries
Ultimately most libraries end up being a wrapper around OpenSSL.
Python
hashlib is the Python wrapper around OpenSSL and appears to be in the standard library.