Password cracking: Difference between revisions

Revision as of 15:50, 24 July 2018

Steps required for password cracking software:

Identify which columns contain the username and the password (hashed or otherwise). May be easier to convert to a standard internal representation before processing.
Identify the algorithm used.
Identify whether a salt is used.

From these there are multiple stages:

How should these be delivered? Plain text file, SQLite database, Lightning Memory-Mapped Database (LMDB), something else?
What options does the chosen language support?
Which options are the most efficient?
Can lookup tables be built entirely in memory and then flushed to disk? Regular flushing as used by SQLite prevents data loss but may take longer due to regular I/O. (answer: Yes, just put the whole thing in a huge transaction and commit at the end).

Contents of lookup tables:

Ultimately most libraries end up being a wrapper around OpenSSL.

hashlib is the Python wrapper around OpenSSL and appears to be in the standard library.
Python bindings to LMDB

@@ Line 29: / Line 29: @@
 * Simple combinations, such as dictionary word concatenated with '1', '123' etc.
 * Every possible combination of case and 0-9a-z from 6-12 characters in length.
-=== Lightning Memory-Mapped Database (LMDB) ===
-* [http://lmdb.readthedocs.io/en/release/ Python bindings to LMDB]
 == Libraries ==
@@ Line 40: / Line 36: @@
 === Python ===
-[https://docs.python.org/3/library/hashlib.html hashlib] is the Python wrapper around OpenSSL and appears to be in the standard library.
+* [https://docs.python.org/3/library/hashlib.html hashlib] is the Python wrapper around OpenSSL and appears to be in the standard library.
+* [http://lmdb.readthedocs.io/en/release/ Python bindings to LMDB]