Password cracking: Difference between revisions
Jump to navigation
Jump to search
Line 29: | Line 29: | ||
* Simple combinations, such as dictionary word concatenated with '1', '123' etc. | * Simple combinations, such as dictionary word concatenated with '1', '123' etc. | ||
* Every possible combination of case and 0-9a-z from 6-12 characters in length. | * Every possible combination of case and 0-9a-z from 6-12 characters in length. | ||
=== Lightning Memory-Mapped Database (LMDB) === | |||
* [http://lmdb.readthedocs.io/en/release/ Python bindings to LMDB] | |||
== Libraries == | == Libraries == |
Revision as of 15:19, 24 July 2018
Initial steps
Steps required for password cracking software:
- Identify which columns contain the username and the password (hashed or otherwise). May be easier to convert to a standard internal representation before processing.
- Identify the algorithm used.
- Identify whether a salt is used.
From these there are multiple stages:
- If no salt is used (e.g. plain MD5), consult a pre-computed lookup table.
Identifying an algorithm
- Length: 32 characters (16 bytes) is likely to be MD5.
- Characters: 0-9a-fA-F is likely to be MD5.
Lookup tables
- How should these be delivered? Plain text file, SQLite database, Lightning Memory-Mapped Database (LMDB), something else?
- What options does the chosen language support?
- Which options are the most efficient?
- Can lookup tables be built entirely in memory and then flushed to disk? Regular flushing as used by SQLite prevents data loss but may take longer due to regular I/O.
Contents of lookup tables:
- Dictionary words
- Common words not in dictionary (e.g. TV shows)
- Simple combinations, such as dictionary word concatenated with '1', '123' etc.
- Every possible combination of case and 0-9a-z from 6-12 characters in length.
Lightning Memory-Mapped Database (LMDB)
Libraries
Ultimately most libraries end up being a wrapper around OpenSSL.
Python
hashlib is the Python wrapper around OpenSSL and appears to be in the standard library.